Hello,
I am trying to configure a Squid (v3.1.11) proxy for SSL connections
between hosts on the LAN and servers on the internet. The traffic is
routed through the host on which Squid runs and iptables are used to
redirect traffic to ports 80 and 443 to ports 3128 and 3130,
respectively. Simple HTTP caching works well. First attempt is a miss
and subsequent ones are hits. For HTTPS, however, there are no hits,
only misses, even though the requested page is in the Squid's cache. I
would greatly appreciate any help.
The Squid configuration is based on the default file, with following
modifications (I understand that some of these are security risks, but
currently it is in testing environment and the only goal is to make it
work):
http_port 3128 intercept
https_port 3130 intercept ssl-bump cert=/etc/certs/beta-srv.crt
key=/etc/certs/beta-srv.key
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
The log entry when a client attempts to retrieve a page from a server:
Jan 2 23:51:10 beta squid: 1325573470.788 25 192.168.10.2
TCP_MISS/200 388 GET https://192.168.11.2/ - DIRECT/192.168.11.2 text/html
The cache file (the garbled part at the beginning is left out):
https://192.168.11.2/^@HTTP/1.1 200 OK^M
Date: Sat, 07 Jan 2012 21:22:42 GMT^M
Server: Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0d^M
Last-Modified: Fri, 06 Jan 2012 16:25:09 GMT^M
ETag: "10d-31-4b5de7e0d2340"^M
Accept-Ranges: bytes^M
Content-Length: 49^M
Keep-Alive: timeout=5, max=100^M
Connection: Keep-Alive^M
Content-Type: text/html^M
^M
<html><body><h1>It is secure!</h1></body></html>
Please let me know if some other information would be useful.
Best,
Damir