Search squid archive

Re: Using squid as transparent proxy causes problem with pages on https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So whats the advantage of the ssl_bump feature left then if it cannot
act as an ssl endpoint. Does squid not support ssl end-point
termination?

-talha

On Wed, Apr 11, 2012 at 2:55 PM, Michał Wiącek <mwiacek@xxxxxxxxxxxx> wrote:
> Redirecting ssl connections not work - all ssl connection is like where to
> connect and encrypted message, so if you change where to connect proxy will
> not know where to send connection (there is a way to use many ports and that
> ports connect to specified host but this is messy).
> You can only change setting in browser - to use Proxy (and even set to http
> port, https port is only to secure trafic betwen your comp and gateway ,
> what is usually not needed).
>
> Mike
>
> -----Original Message-----
> From: Ahmed Talha Khan [mailto:auny87@xxxxxxxxx]
> Sent: Wednesday, April 11, 2012 11:31 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Cc: Talha Khan
> Subject:  Using squid as transparent proxy causes problem with
> pages on https
>
> Hey,
>
> I have configured squid to act as a transparent proxy. i also want to
> bump the ssl connections. However i am unable to open the https
> pages.The browser keeps going in loops and says that the page isnt
> redirecting properly(firefox) or has redirect-loops(chrome).
>
> I then removed the ssl-bump configuration from the http_port
> definition but the problem still persists.
>
> My setup is like this. I have 2 linux boxes, one acting as the default
> gateway of the other. I am running squid on the 2nd box. All ip-table
> entries are good as http traffic is going along smoothly.
>
> Can anybody help. My conf file looks like this
>
>
> cache_effective_user talha
> always_direct allow all
> ssl_bump allow all
>
>
>
> # Squid normally listens to port 3128
> http_port 192.168.8.105:3128 transparent ssl-bump
> cert=/home/talha/squid/www.sample.com.pem
> key=/home/talha/squid/www.sample.com.pem
> https_port 192.168.8.105:3129 transparent ssl-bump
> cert=/home/talha/squid/www.sample.com.pem
> key=/home/talha/squid/www.sample.com.pem
>
>
> Even removing the ssl-bump option does not solve the problem
>
>
>
>
>
> --
> Regards,
> -Ahmed Talha Khan
>



-- 
Regards,
-Ahmed Talha Khan



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux