Feature #1775
SSL proxy
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-squid | | |
| Target version: | v6.4-beta2 | | |
| Resolution: | | NEEDINFO: | No |
Description
Add SSL to proxy implementing a MITM attack scenario.
Candidate: SQUID 3.3
Associated revisions
nethserver-base-check-certificate: always regenerate default certificates. Useful for services like squid. Refs #1775
History
#1 Updated by Giacomo Sanchietti over 8 years ago
- Target version changed from ~FUTURE to v6.4-beta2
#2 Updated by Giacomo Sanchietti about 8 years ago
- Status changed from NEW to ON_QA
- % Done changed from 0 to 80
Each client must import NSRV.crt as root CA.
#4 Updated by Giacomo Sanchietti about 8 years ago
- Status changed from ON_QA to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 80 to 30
Needs documentation.
#5 Updated by Giacomo Sanchietti about 8 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 70
Implementation is nethserver-squid package.
#6 Updated by Giacomo Sanchietti about 8 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 70 to 80
- nethserver-squid-1.0.0-1
- squid-3.3.5-1
- Install:
yum --enablerepo=nethserver-testing install nethserver-squid
- Enable transparent_ssl mode using web interface
- Install server certificate on a client
- Try to open an ssl site
#7 Updated by Davide Principi about 8 years ago
- Assignee deleted (Giacomo Sanchietti)
ON_QA: Assignee reset
#8 Updated by Davide Principi about 8 years ago
- Assignee set to Davide Principi
#11 Updated by Davide Principi about 8 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 70 to 90
VERIFIED
- NethServer server&gateway
- Client WinXP
- server-manager certificate installed as trusted root CA
- IE 6.0 :\ OK
- Firefox 22.0 OK
Squid returns its trusted certificate only if the remote site has a trusted certificate.
If the remote site is not trusted, an untrusted certificate (built on the fly) is returned to the client. The common name (CN) field of such a certificate contains the string
Not trusted by "yourserver.domain"
RPMs:
nethserver-smartd-1.0.0-1.ns6.noarch postfix-2.9.6-2.ns6.x86_64 nethserver-lightsquid-1.0.2-1.ns6.noarch nethserver-nethgui-1.2.2-1.ns6.noarch dovecot-antispam-0.0.49-1.ns6.x86_64 nethserver-backup-config-1.0.3-1.ns6.noarch nethserver-samba-1.3.6-1.ns6.noarch nethserver-httpd-admin-1.0.4-1.ns6.noarch nethserver-openssh-1.0.2-1.ns6.noarch nethserver-shorewall-1.0.0-1.ns6.noarch nethserver-lib-1.3.0-1.ns6.noarch nethserver-directory-1.2.2-1.ns6.noarch nethserver-antivirus-1.0.3-1.ns6.noarch nethserver-mail-common-1.2.1-1.ns6.noarch nethserver-php-1.1.0-1.ns6.noarch nethserver-ntp-1.0.4-1.ns6.noarch nethserver-httpd-2.2.1-1.ns6.noarch nethserver-firewall-base-1.0.3-1.ns6.noarch nethserver-yum-1.1.1-1.ns6.noarch nethserver-mail-server-1.4.4-1.ns6.noarch nethserver-hosts-1.0.4-1.ns6.noarch nethserver-grub-1.0.1-1.ns6.noarch nethserver-squid-1.0.2-1.ns6.noarch nethserver-base-1.4.0-1.ns6.noarch nethserver-mail-filter-1.1.1-1.ns6.noarch nethserver-dnsmasq-1.0.4-1.ns6.noarch
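A client-side check for the certificate behaviour verified above, as an added example that is not part of this ticket or of nethserver-squid: it classifies the subject and issuer lines printed by `openssl x509 -noout -subject -issuer`. The CA name `nsrv.example.org` and the sample lines are constructed; the real CN of the proxy's signing certificate is site-specific and is passed as an argument.

```shell
# Classify the certificate a client receives when browsing through the SSL proxy.
# stdin: the two lines printed by
#   openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null |
#     openssl x509 -noout -subject -issuer
# $1:    CN of the proxy's signing CA (assumption: site-specific, not on the page)
# Prints one of: upstream-untrusted | intercepted | direct | unparsed

# Extract the CN from a "subject=..." or "issuer=..." line. Handles both the
# older "/C=IT/CN=x" layout and the newer "C = IT, CN = x" layout.
cn_of() {
    printf '%s\n' "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

classify_leaf() {
    proxy_ca_cn=$1
    subject=
    issuer=
    while IFS= read -r line; do
        case $line in
            subject*) subject=$(cn_of "$line") ;;
            issuer*)  issuer=$(cn_of "$line") ;;
        esac
    done
    # openssl printed an error instead of a certificate, or no CN was present.
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo unparsed
        return
    fi
    # The proxy could not validate the remote site: the generated certificate
    # carries the marker string in its CN. Checked first, because the page does
    # not say which key signs this certificate.
    case $subject in
        *'Not trusted by'*) echo upstream-untrusted; return ;;
    esac
    # Exact comparison, so "nsrv.example.org.other" does not pass as the proxy CA.
    if [ "$issuer" = "$proxy_ca_cn" ]; then
        echo intercepted   # remote site validated by the proxy, re-signed by its CA
    else
        echo direct        # certificate did not come from the proxy
    fi
}

# Constructed sample lines (not captured from a real server):
printf '%s\n' 'subject=CN = Not trusted by "nsrv.example.org"' \
              'issuer=CN = nsrv.example.org' | classify_leaf nsrv.example.org
```

A result of `direct` on a client that should be behind the transparent proxy means the connection bypassed it; `upstream-untrusted` means the browser warning originates from the remote site's certificate, not from a missing root CA on the client.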
#12 Updated by Davide Principi about 8 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Moved to nethserver-updates repository