What TLS option. I don't know how to configure that? On Tue, Jan 24, 2017 at 10:08 AM, Mustafa Mohammad < mustafamohamma...@gmail.com> wrote:
> No, It is messaging with HTTPS. If I were to use splice and peek, do I > need a self signed certificate or any type of certificate? > > On Tue, Jan 24, 2017 at 12:56 AM, Amos Jeffries <squ...@treenet.co.nz> > wrote: > >> On 24/01/2017 3:38 p.m., Mustafa Mohammad wrote: >> > By regression...I mean our QA testing server. Let me explain this in >> > detail: I have a squid proxy running which is needed to connect to the >> > server so we can get back if the transaction was approved or not. It is >> a >> > point of sale application that send transaction data to the server to >> > receive response about the transaction and that's when the problem is >> > occurring when It is trying to communicate to that server. I received >> some >> > help and I think ssl splice and ssl peek might work but I don't know >> how to >> > use them. I don't the rules to apply in this situation. >> >> Whats usually needed in these setups is a reverse-proxy (aka "load >> balancer", CDN frontend, etc.). But for that to be Squid it would >> require the POS application to be messaging with HTTP. >> Is that the case? >> >> The peek-and-splice form of SSL-Bump MITM might work anyway so long as >> the application is actually using real TLS. But you need to be aware the >> splice action is just blindly tunneling the TLS data through Squid. It >> is not being touched, so anything like CRL issues is a problem between >> the endpoints - Squid cannot help unless its actually HTTP messages, >> then 'bump' action is needed to fully decrypt and modify the TLS. >> >> >> (That said, there have been some weird issues showing up even when the >> tunnel is spliced. see the threads about 30sec delays to cloudeflare, or >> curl rejecting tunneled traffic.) >> >> Amos >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
