I'm not sure you can use sslbump in transparent mode. I remember reading something to that effect. There are also articles like this that might help: https://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/ Sean On 2 December 2011 13:02, Maret Ludovic <Ludovic.Maret@xxxxxxxxxx> wrote: > Hi there ! > > I want to configure a transparent proxy for HTTP and SSL. HTTP works > pretty well but i'm stuck with SSL even if i use the ssl-bump feature. > > Right now, it almost works if i use 2 differents ports for the http_port > & https_port : > > http_port 3129 transparent > https_port 3130 ssl-bump cert=/etc/squid/ssl_cert/partproxy01-test.pem > key=/etc/squid/ssl_cert/private/partproxy01-key-test.pem > > HTTP is ok, i get the warning about a probable man-in-the-middle attack > when i tried to access a SSL web site. I did just add an exception. And > i get an error : Invalid URL > > In the logs, i found : > > 1322820580.454 0 10.194.2.63 NONE/400 3625 GET /pki – NONE/- text/html > > When i tried to access https://www.switch.ch/pki > Apparently, squid cut the URL and remove the host.domain part… > > When i tried to use CONNECT method and ssl-bump on http_port. I get an > error in the browser “ssl_error_rx_record_too_long” or > “ERR_SSL_PROTOCOL_ERROR” > > Any clues ? > > Many Thanks > > Ludovic
