Hi Amos,
> > Yes, but Squid has no way of trusting a self-signed cert. When Squid
> > mints a server cert on the fly and sends it to the client, the client
> > won't have any idea that the cert was originally self-signed. Like the
> > previous scenario, I'd want to step out of the way and defer th
Thanks for the quick reply, Amos.
> Offering SSLv3 from a server is suicide these days. Those sites should
> be on the fast decline, or at very least shunned like plague victims.
> Lookup POODLE if you dont know why already.
That's correct. That's why I don't want to bump such connections and ins
Hi all,
By default, I want to bump all connections through my Squid instance. However,
while testing I've discovered lots of sites that use SSLv3 or self-signed
certificates, in which case I'd like to fall back to TLS passthrough mode and
let the client decide whether it wants to trust the serv