Hi there ! I want to configure a transparent proxy for HTTP and SSL. HTTP works pretty well but i'm stuck with SSL even if i use the ssl-bump feature. Right now, it almost works if i use 2 differents ports for the http_port & https_port : http_port 3129 transparent https_port 3130 ssl-bump cert=/etc/squid/ssl_cert/partproxy01-test.pem key=/etc/squid/ssl_cert/private/partproxy01-key-test.pem HTTP is ok, i get the warning about a probable man-in-the-middle attack when i tried to access a SSL web site. I did just add an exception. And i get an error : Invalid URL In the logs, i found : 1322820580.454 0 10.194.2.63 NONE/400 3625 GET /pki – NONE/- text/html When i tried to access https://www.switch.ch/pki Apparently, squid cut the URL and remove the host.domain part… When i tried to use CONNECT method and ssl-bump on http_port. I get an error in the browser “ssl_error_rx_record_too_long” or “ERR_SSL_PROTOCOL_ERROR” Any clues ? Many Thanks Ludovic
Attachment:
signature.asc
Description: This is a digitally signed message part