eCAP

SSL Bump control from eCAP

Asked by Daryl Radivojevic on 2012-07-03

Is there are way to control which sites can be bypassed SSL decryption from eCAP during CONNECT stage?

Question information

Language:: English Edit question

Status:: Solved

For:: eCAP Edit question

Assignee:: No assignee Edit question

Solved by:: Alex Rousskov

Solved:: 2012-07-03

Last query:: 2012-07-03

Last reply:: 2012-07-03

Link existing bug

Revision history for this message

Alex Rousskov (rousskov) said on 2012-07-03:

Please ask Squid-specific questions on Squid forums -- eCAP is not specific to Squid.

Yes, I believe you can control SslBump decisions from an eCAP REQMOD adapter by adding custom headers to the CONNECT request and then looking for those headers during ssl_bump ACL checks. I have not tested it though. This should work for forwarded SSL connections, but not for intercepted ones. In the latter case, the ssl_bump check is performed before a [fake] CONNECT request can be adapted (something that can be improved if needed but it will not be trivial).

Revision history for this message

Daryl Radivojevic (daryl-rad) said on 2012-07-03:

Thanks Alex Rousskov, that solved my question.

To post a message you must log in.

Ask a question

Edit question

eCAP

SSL Bump control from eCAP

Question information

Related bugs

Related FAQ:

Subscribers