No, it is messaging with HTTPS. If I were to use splice and peek, do I need a self-signed certificate or any type of certificate?

On Tue, Jan 24, 2017 at 12:56 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 24/01/2017 3:38 p.m., Mustafa Mohammad wrote:
> > By regression...I mean our QA testing server. Let me explain this in
> > detail: I have a squid proxy running which is needed to connect to the
> > server so we can get back if the transaction was approved or not. It is a
> > point of sale application that sends transaction data to the server to
> > receive response about the transaction and that's when the problem is
> > occurring when it is trying to communicate to that server. I received some
> > help and I think ssl splice and ssl peek might work but I don't know how to
> > use them. I don't know the rules to apply in this situation.
>
> What's usually needed in these setups is a reverse-proxy (aka "load
> balancer", CDN frontend, etc.). But for that to be Squid it would
> require the POS application to be messaging with HTTP.
> Is that the case?
>
> The peek-and-splice form of SSL-Bump MITM might work anyway so long as
> the application is actually using real TLS. But you need to be aware the
> splice action is just blindly tunneling the TLS data through Squid. It
> is not being touched, so anything like CRL issues is a problem between
> the endpoints - Squid cannot help unless it's actually HTTP messages,
> then 'bump' action is needed to fully decrypt and modify the TLS.
>
> (That said, there have been some weird issues showing up even when the
> tunnel is spliced. See the threads about 30sec delays to Cloudflare, or
> curl rejecting tunneled traffic.)
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
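
The peek-and-splice setup discussed in this thread, as an added squid.conf sketch that is not part of the original messages and not taken from the Squid project. The port number, the certificate path and the ACL name `step1` are assumptions chosen for illustration.

```conf
# Added illustration, not from the thread. Port, file path and the ACL
# name "step1" are assumed values.

# Listening port with SSL-Bump enabled. cert= names a signing CA
# certificate (a self-signed one in this sketch). Squid only presents
# certificates derived from it on connections that are bumped; spliced
# connections never see it.
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# SslBump1 is the first SSL-Bump step: the client connection has arrived
# and its TLS ClientHello is available for inspection.
acl step1 at_step SslBump1

# Read the ClientHello (for example the SNI) without modifying it.
ssl_bump peek step1

# Variant A: splice. Squid tunnels the TLS bytes untouched, so the POS
# client validates the origin server's own certificate and does not need
# to trust proxyCA.pem. Certificate or CRL failures stay between the two
# endpoints, as described in the reply above.
ssl_bump splice all

# Variant B (use instead of A): bump. Squid terminates TLS on both sides
# and can see and modify the HTTP messages. The client must then trust
# proxyCA.pem, otherwise its certificate validation fails.
# ssl_bump bump all
```

`squid -k parse` checks the file for syntax errors before the proxy is restarted.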