On 15/12/10 23:58, Alex Crow wrote:
> On 15/12/10 07:11, Oguz Yilmaz wrote:
>> Squid conf param:
>> https_port 8443 cert=/etc/squid/certs/sslfilter.crt key=/etc/squid/certs/sslfilter.key protocol=https accel vhost defaultsite=google.com
>> The way I have created the certificate and key:
> I think that config is incorrect. From the SSL Bump Wiki page
> (http://wiki.squid-cache.org/Features/SslBump)
He is trying to do this the illegal way with MITM on native port 443
HTTPS traffic flow.
ssl-bump only works with CONNECT where the browser has delegated the SSL
tunnel setup to Squid. Ssl-bump then MITMs the key handshake with a cert
created from the tunnel hostname:port provided by the browser.
Oguz:
you are going to have to create a wildcard cert for the '.' root zone
or each of the 240-odd TLDs and cc-TLDs.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
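
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not Squid code: a browser configured to use a proxy opens with a CONNECT line carrying the tunnel hostname:port, whereas an intercepted port 443 flow opens directly with a TLS handshake record and has no CONNECT line to read a target from. The function names and sample bytes are constructed for illustration.

```python
from typing import Optional, Tuple

# Constructed samples: the first bytes a proxy would see from a client.
CONNECT_SAMPLE = (b"CONNECT mail.example.com:443 HTTP/1.1\r\n"
                  b"Host: mail.example.com:443\r\n\r\n")
RAW_TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 4


def connect_target(first_bytes: bytes) -> Optional[Tuple[str, int]]:
    """Return (host, port) if the client opened with a well-formed CONNECT."""
    line, sep, _ = first_bytes.partition(b"\r\n")
    if not sep:
        return None  # no complete request line yet
    parts = line.split(b" ")
    if len(parts) != 3 or parts[0] != b"CONNECT":
        return None
    if not parts[2].startswith(b"HTTP/"):
        return None
    # CONNECT uses authority form: host:port (IPv6 literals are bracketed).
    host, colon, port = parts[1].rpartition(b":")
    if not colon or not host or not port.isdigit():
        return None
    port_n = int(port)
    if not 0 < port_n < 65536:
        return None
    try:
        return host.decode("ascii").strip("[]").lower(), port_n
    except UnicodeDecodeError:
        return None


def is_tls_handshake(first_bytes: bytes) -> bool:
    """True if the bytes start a TLS record: type 0x16 (handshake), major 0x03."""
    return len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


def classify(first_bytes: bytes) -> Tuple[str, Optional[Tuple[str, int]]]:
    """Label a new client connection by how it opens."""
    target = connect_target(first_bytes)
    if target is not None:
        return ("connect", target)   # browser named the tunnel endpoint
    if is_tls_handshake(first_bytes):
        return ("raw-tls", None)     # no CONNECT line to take a name from
    return ("other", None)


if __name__ == "__main__":
    for name, sample in (("proxy-aware", CONNECT_SAMPLE), ("intercepted", RAW_TLS_SAMPLE)):
        print(name, classify(sample))
```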