trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Crow <>
Subject SSL bumping/peek/splice
Date Fri, 27 Feb 2015 20:04:11 GMT

Does there exist any mechanism in ATS configured as a forward proxy to 
allow proxying and inspection of HTTPS/SSL traffic between corporate 
browsers (I say this as we have users accept terms of usage for our 
systems) with a corporate CA added to their CA store and dynamically 
generate certs from the corp CA key impersonating the original site?

FYI this is for the purpose of, very much primarliy, scanning for 
malicious content and enabling caching of static objects retrieved via 
https:// URLs (which would be a bonus but not essential).

For those that have done such a thing in Squid the Squid docs call these 
features as in the subject line. Commercial proxies such as Bluecoat and 
Barracuda offer this too - we've had some probs with Squid's 
implementation recently and are looking for an alternative (which for 
obvious reasons I'd prefer to be OSS/Libre software).

Any help much appreciated.


View raw message