Stefan Reible wrote:
Hi,
I want to use https with the viralator (http is working).
I'm prerouting Port 80 to Port 3128 for http.
Is there an option like https_port in my version?
Now I want to set following option in squid.conf:
http_port 3128 sslBump
cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem
key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Passphrase.pem
but I get:
squid1 ~ # squid -D
FATAL: Bungled squid.conf line 9: http_port 3128 sslBump
cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem
key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Pp.pem
Squid Cache (Version 3.0.STABLE19): Terminated abnormally
The squid should run in transparent mode.
_Which_ 'transparent' mode?
* WPAD transparent configuration
* Domain policy transparent configuration
* NAT interception
* TPROXY interception
* transparent HTTP traffic relay
* transparent authentication (single-sign-on)
* transparent encoding crypto.
I know it sounds like I'm being pedantic, but the specific meaning does
matter with Squid.
Thank you very much for viralator support, it's very nice ;)
Stefan
Some factums worth knowing:
* 3.0 does not support sslBump or any other form of HTTPS
man-in-middle attacks. 3.1 is required for that.
* sslBump in 3.1 requires that the client machines all have a CA
certificate installed to make them trust the proxy for decryption.
* sslBump requires clients to be configured for using the proxy. (Some
of the 'transparent' above work this way, some do not.)
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
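
A preflight check for the points in the reply above, as an added example that is not part of the original thread or of Squid itself. The function names, the sample configuration and its file paths are constructed for illustration, and treating the `transparent`, `intercept` and `tproxy` port flags as conflicting with sslBump is an assumption drawn from the statement that clients must be configured to use the proxy.

```python
import re

# http_port interception flags: 'transparent' (3.0), 'intercept' and 'tproxy' (3.1).
# Assumption: these conflict with sslBump, per the reply's third point.
INTERCEPT_FLAGS = {"transparent", "intercept", "tproxy"}

# Constructed sample squid.conf; the certificate paths are placeholders.
SAMPLE_CONF = """\
# constructed sample
http_port 3129
http_port 3128 sslBump cert=/etc/squid/example/proxyCert.pem key=/etc/squid/example/proxyKey.pem
http_port 3130 transparent sslBump cert=/etc/squid/example/proxyCert.pem
"""

def parse_version(banner):
    """Extract (major, minor) from text such as 'Version 3.0.STABLE19'."""
    m = re.search(r"Version (\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Squid version found in banner")
    return int(m.group(1)), int(m.group(2))

def check_ssl_bump(conf_text, banner):
    """Return (line_number, message) findings for http_port lines using sslBump."""
    version = parse_version(banner)
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tokens) < 2 or tokens[0] != "http_port":
            continue
        options = set(tokens[2:])
        if "sslBump" not in options:
            continue
        if version < (3, 1):
            findings.append(
                (lineno, "sslBump needs Squid 3.1, found %d.%d" % version))
        clash = sorted(options & INTERCEPT_FLAGS)
        if clash:
            findings.append(
                (lineno, "sslBump on a '%s' port; clients must be "
                         "configured to use the proxy" % clash[0]))
    return findings

if __name__ == "__main__":
    for banner in ("Squid Cache (Version 3.0.STABLE19)", "Version 3.1.0.18"):
        print(banner)
        for lineno, msg in check_ssl_bump(SAMPLE_CONF, banner):
            print("  line %d: %s" % (lineno, msg))
```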