Webproxy accepting revoked certificates

Started by netranger, May 27, 2017, 01:15:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 27, 2017, 01:15:06 PM
Hi guys,

I was playing around with HTTPS interception and noticed that the webproxy seems to accept revoked certificates (see screenshot revoked_interception.PNG).

If I disable HTTPS interception and try the testpage again, my browser blocks this page (see screenshot revoked_nointerception.PNG).

Is there something I can do to block those certificates using the webproxy? Other certificates, for example expired ones, get blocked correctly.

Cheers,
Netranger

May 27, 2017, 01:44:45 PM #1
This post says this is an OpenSSL problem (hard to bring openssl to do the check): http://lists.squid-cache.org/pipermail/squid-users/2015-October/005894.html
Print
Go Up Pages1
User actions