On 08/12/2015 03:20 PM, Jeremie Rafin wrote:

> -while using squid, is it possible to have a SSL/HTTPS level of
> security at least as high as with a reference like firefox?


With a custom certificate validation helper, Squid can match and exceed
default browser protections when it comes to certificate validation. As
you probably know already, with that helper, _you_ control which server
certificates are distrusted:

  http://www.squid-cache.org/Doc/config/sslcrtvalidator_program/
  http://wiki.squid-cache.org/Features/AddonHelpers#SSL_server_certificate_validator

AFAIK, it is very difficult to write and maintain a good validator. If
you cannot find an existing one that meets your needs and you are not an
SSL expert, then you probably should not try to write one. I am not
aware of any validators or libraries you can reuse, but that does not
mean they do not exist. If nothing like this exists, there is probably
an open source project and/or business opportunity here!


Without a custom validator, Squid validation is pretty much as good as
your OpenSSL installation, which can be better or worse than a specific
browser installation.


Good luck,

Alex.

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
