Re: [squid-users] Splicing a connection if server cert cannot be verified

2014-12-17 Thread Soren Madsen (DREIJER)
Hi Amos,

> > Yes, but Squid has no way of trusting a self-signed cert. When Squid
> > mints a server cert on the fly and sends it to the client, the client
> > won't have any idea that the cert was originally self-signed. Like the
> > previous scenario, I'd want to step out of the way and defer th

Re: [squid-users] Splicing a connection if server cert cannot be verified

2014-12-16 Thread Amos Jeffries
On 16/12/2014 10:20 a.m., Soren Madsen (DREIJER) wrote:
> Thanks for the quick reply, Amos.
>
>> Offering SSLv3 from a server is suicide these days. Those sites
>> should be on the fast decline, or at very least shunned like
>> plague victims. Look up

Re: [squid-users] Splicing a connection if server cert cannot be verified

2014-12-15 Thread Soren Madsen (DREIJER)
Thanks for the quick reply, Amos.

> Offering SSLv3 from a server is suicide these days. Those sites should
> be on the fast decline, or at very least shunned like plague victims.
> Look up POODLE if you don't know why already.

That's correct. That's why I don't want to bump such connections and ins

Re: [squid-users] Splicing a connection if server cert cannot be verified

2014-12-15 Thread Amos Jeffries
On 16/12/2014 8:11 a.m., Soren Madsen (DREIJER) wrote:
> Hi all,
>
> By default, I want to bump all connections through my Squid
> instance. However, while testing I've discovered lots of sites that
> use SSLv3

Offering SSLv3 from a server is suicid

[squid-users] Splicing a connection if server cert cannot be verified

2014-12-15 Thread Soren Madsen (DREIJER)
Hi all, By default, I want to bump all connections through my Squid instance. However, while testing I've discovered lots of sites that use SSLv3 or self-signed certificates, in which case I'd like to fall back to TLS passthrough mode and let the client decide whether it wants to trust the serv