Hi, I have configured Squid 2.6 STABLE3 NT in accelerator mode with SSL on Windows. If you want to do the same thing, you can download my package and replace the web sites in it with your own. All you have to do is replace the backend website names in the /squid/etc/squid.conf file. After you unzip the package into the root directory of the C drive, go to the /squid/etc directory and run the command "go". If you want to stop Squid, run the command "stop". The package can be downloaded from http://breakevilaxis.org/squid-usa.zip. It contains a program called ddint.exe, which produces random strings to put in the certificates so that your certificates are hard to identify. If your web site has words like democracy and human rights, the Communist China government will block your web site by filtering on your certificates and sending a RESET packet to you and your clients. So I create a new certificate every time I start Squid. I put the source code for ddint.exe here in case you worry that it is a virus; you can compile it yourself with a C++ compiler. After the source code there is a working squid.conf file. I worked several weeks to get this file.
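#include "stdafx.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <iostream>

using namespace System;
using namespace std;

/*
 * ddint: prints the openssl command lines that create a throw-away CA, a
 * server key and request, and a signed server certificate whose subject
 * fields (C, ST, L, OU, O, CN, emailAddress) are random strings.
 *
 * The program only writes text to stdout; it does not run openssl itself.
 * Presumably the "go" script captures the output and executes it -- that
 * script is not part of this listing.
 *
 * NOTE(review): every random value here, including PASSWORD, comes from
 * rand() seeded with time(NULL). rand() is not a cryptographic generator and
 * its whole output sequence follows from the seed, i.e. from the start time
 * in seconds. That is adequate for cosmetic subject fields, but PASSWORD is
 * the passphrase that protects the CA key (cakey.pem), so it should be
 * treated as guessable. If the passphrase is meant to be a real secret, draw
 * it from the OS generator instead (on Windows, rand_s or CryptGenRandom) and
 * rely on file permissions for the key files.
 *
 * NOTE(review): PASSWORD is printed in clear text as "pass:<value>" on four
 * of the generated command lines, so it appears in whatever file or console
 * receives this output and on the openssl command line while it runs.
 */

/* Declared in the original listing but never defined or called there. */
void r16string(int );

enum {
    FIELD_BUF     = 64,  /* size of every generated-string buffer */
    MIN_FIELD_LEN = 5    /* added to a 0..15 random value: lengths are 5..20 */
};

/*
 * 64-entry character table indexed with (rand() & 0x3F). 'T' and 'S' each
 * appear twice, so those two letters are drawn slightly more often.
 */
static const char alphabet[] =
    "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ikT9Solp0POIUYTREWQASDFGHJKLMNBVCXZ";

/*
 * Output buffers. Each is filled from index 0 and NUL-terminated by
 * fill_random_field() before it is printed, so no initial contents are needed.
 */
static char CN[FIELD_BUF];
static char L[FIELD_BUF];
static char O[FIELD_BUF];
static char OU[FIELD_BUF];
static char ST[FIELD_BUF];
static char PASSWORD[FIELD_BUF];
static char emailname[FIELD_BUF];
static char emailcompany[FIELD_BUF];

/*
 * Two-letter values for the C= field. String literals are const, hence
 * const char *. Note that "UK" is not the ISO 3166 code for the United
 * Kingdom (that is "GB"); it is kept as the author wrote it.
 */
static const char *d[16] = {
    "US", "CA", "DE", "CN", "KR", "BR", "FR", "JP",
    "IT", "BG", "TW", "UK", "RU", "CZ", "CH", "AU"
};

/*
 * Fill buf with 5..20 characters taken from the alphabet table and terminate
 * it. The length is drawn first, then one rand() per character, which is the
 * same call order the original inline loops used. The largest index written
 * is 20, well inside FIELD_BUF.
 */
static void fill_random_field(char *buf)
{
    int len = (rand() & 0x000F) + MIN_FIELD_LEN;

    for (int i = 0; i < len; i++) {
        buf[i] = alphabet[rand() & 0x003F];
    }
    buf[len] = 0;
}

/*
 * Print the part shared by both "openssl req" lines: everything after
 * "-subj /C=" up to and including the passphrase and the newline.
 */
static void print_subject_and_passout(const char *country)
{
    cout << country << "/ST=" << ST << "/L=" << L << "/OU=" << OU
         << "/O=" << O << "/CN=" << CN
         << "/emailAddress=" << emailname << "@" << emailcompany
         << ".com -passout pass:" << PASSWORD << "\n";
}

int main(void)
{
    /* Seed from the wall clock; see the NOTE(review) at the top of the file. */
    srand((unsigned) time(NULL));

    /* The original draws twice and keeps only the second value for C=. */
    rand();
    const char *C = d[rand() & 0x000F];

    /* Same generation order as the original, so a given seed gives the same text. */
    fill_random_field(ST);
    fill_random_field(L);
    fill_random_field(OU);
    fill_random_field(O);
    fill_random_field(CN);
    fill_random_field(emailname);
    fill_random_field(emailcompany);
    fill_random_field(PASSWORD);

    /* 1. Self-signed CA certificate and CA key (key encrypted with PASSWORD). */
    cout << "openssl req -new -x509 -keyout c:\\squid\\etc\\demoCA\\private\\cakey.pem -out c:\\squid\\etc\\demoCA\\cacert.pem -days 365 -subj /C=";
    print_subject_and_passout(C);

    /* 2. Server key and certificate request, same subject and passphrase. */
    cout << "c:\\openssl\\bin\\openssl.exe req -new -keyout key.pem -out req.pem -days 365 -subj /C=";
    print_subject_and_passout(C);

    /*
     * 3. Keep the encrypted key as key.pem.old, then rewrite key.pem through
     *    "openssl rsa" with no cipher option, which leaves key.pem without a
     *    passphrase. From then on key.pem is protected only by file
     *    permissions; key.pem.old is not removed by these commands.
     */
    cout << "copy key.pem key.pem.old \n";
    cout << "c:\\openssl\\bin\\openssl.exe rsa -in key.pem.old -out key.pem -passin pass:" << PASSWORD << "\n";

    /* 4. Sign the request with the CA created in step 1. */
    cout << "c:\\openssl\\bin\\openssl.exe ca -in c:\\squid\\etc\\req.pem -out c:\\squid\\etc\\cert.pem -passin pass:" << PASSWORD << " -batch\n";

    return 0;
}

http_port 127.0.0.1:80 defaultsite=ddint.org
https_port 443 cert=c:\squid\etc\cert.pem 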
key=c:\squid\etc\key.pem defaultsite=zyzg.org.ru
# One https_port listener per backend site; each port is tied to one site by
# its defaultsite= value. All listeners use the same cert.pem / key.pem pair.
# NOTE(review): if that certificate is signed by a CA the clients do not
# already trust, clients cannot verify that they reached this proxy rather
# than something in between -- confirm how clients are expected to check it.
https_port 8443 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=breakevilaxis.org
https_port 9000 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=qxbbs.org
https_port 9001 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=bbs.futurechinaforum.org
https_port 9003 cert=c:\squid\etc\cert.pem key=c:\squid\etc\key.pem defaultsite=www.peacehall.com

# Backend (origin) servers. Each is reached on port 80 with ICP port 0 and no
# ssl option, so SSL ends at Squid and the Squid-to-origin hop is plain HTTP.
cache_peer www.peacehall.com parent 80 0 originserver name=peacehall
cache_peer breakevilaxis.org parent 80 0 originserver name=breakevilaxis
cache_peer qxbbs.org parent 80 0 originserver name=qxbbs
cache_peer bbs.futurechinaforum.org parent 80 0 originserver name=futurechinaforum
cache_peer zyzg.org.ru parent 80 0 originserver name=zyzg
cache_peer ddint.org parent 80 0 originserver name=ddint

# Do not cache dynamic content (cgi-bin paths and URLs with a query string).
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# NOTE(review): access.log records every request together with the client
# address. Decide how long this file is kept and who can read it.
access_log c:/squid/var/logs/access.log squid
# NOTE(review): ALL,9 is the most verbose debug level for every section. It
# writes a large amount of per-request detail to the debug log and grows the
# log quickly; it looks like a leftover from troubleshooting. The usual
# production value is ALL,1.
debug_options ALL,9
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# One dstdomain ACL per backend site, named after the site.
acl breakevilaxis.org dstdomain breakevilaxis.org
acl www.peacehall.com dstdomain www.peacehall.com
acl qxbbs.org dstdomain qxbbs.org
acl bbs.futurechinaforum.org dstdomain bbs.futurechinaforum.org
acl zyzg.org.ru dstdomain zyzg.org.ru
acl ddint.org dstdomain ddint.org
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match decides.
# The per-site allow rules come first, so requests for the listed sites are
# accepted before the manager / Safe_ports / CONNECT checks are reached.
http_access allow zyzg.org.ru
http_access allow www.peacehall.com
http_access allow ddint.org
#http_access allow www.dajiyuan.com
http_access allow breakevilaxis.org
http_access allow bbs.futurechinaforum.org
http_access allow qxbbs.org
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): the closing rule admits every request that was not denied
# above, from any source address. Since the listed sites are already allowed
# explicitly, the conventional closing rule for an accelerator is
# "http_access deny all" -- confirm nothing depends on the catch-all allow.
http_access allow all
http_reply_access allow all
# NOTE(review): this answers ICP queries from any host. No cache_peer above
# uses ICP (their ICP port is 0), so "icp_access deny all" looks sufficient
# -- confirm.
icp_access allow all

# Route each site's requests only to its own backend peer.
cache_peer_access zyzg allow zyzg.org.ru
cache_peer_access peacehall allow www.peacehall.com
cache_peer_access breakevilaxis allow breakevilaxis.org
cache_peer_access futurechinaforum allow bbs.futurechinaforum.org
cache_peer_access qxbbs allow qxbbs.org
#cache_peer_access dajiyuan allow www.dajiyuan.com
cache_peer_access ddint allow ddint.org
visible_hostname ddint.org
coredump_dir c:/squid/var/cache