trafficserver-users mailing list archives

From SunilVasanta <v.su...@sawridgesystems.com>
Subject Re: SSL bumping/peek/splice
Date Tue, 03 Mar 2015 05:50:11 GMT
Hi,

Is there any commercial support/assistance available for SSL bump/peek
in ATS?

Thanks,
Sunil Vasanta

On 03-03-2015 01:02, James Peach wrote:
>> On Feb 27, 2015, at 12:04 PM, Alex Crow <acrow@integrafin.co.uk> wrote:
>>
>> Hi,
>>
>> Does there exist any mechanism in ATS configured as a forward proxy to allow proxying
>> and inspection of HTTPS/SSL traffic between corporate browsers (I say this as we have users
>> accept terms of usage for our systems) with a corporate CA added to their CA store and dynamically
>> generate certs from the corp CA key impersonating the original site?
>>
>> FYI this is for the purpose of, very much primarily, scanning for malicious content
>> and enabling caching of static objects retrieved via https:// URLs (which would be a bonus
>> but not essential).
>>
>> For those that have done such a thing in Squid the Squid docs call these features
>> as in the subject line. Commercial proxies such as Bluecoat and Barracuda offer this too -
>> we've had some probs with Squid's implementation recently and are looking for an alternative
>> (which for obvious reasons I'd prefer to be OSS/Libre software).
> There is API support for this. IIRC you either need a patched version of OpenSSL (for
> the original implementation), or the bleeding edge version for standard OpenSSL support. I'm
> not aware of any complete solutions for this use case; you'd have to write a plugin to handle
> figuring out which custom certificate to serve.
>
> J
>

-- 

Sunil Vasanta
Sawridgesystems

