So whats the advantage of the ssl_bump feature left then if it cannot act as an ssl endpoint. Does squid not support ssl end-point termination? -talha On Wed, Apr 11, 2012 at 2:55 PM, Michał Wiącek <mwiacek@xxxxxxxxxxxx> wrote: > Redirecting ssl connections not work - all ssl connection is like where to > connect and encrypted message, so if you change where to connect proxy will > not know where to send connection (there is a way to use many ports and that > ports connect to specified host but this is messy). > You can only change setting in browser - to use Proxy (and even set to http > port, https port is only to secure trafic betwen your comp and gateway , > what is usually not needed). > > Mike > > -----Original Message----- > From: Ahmed Talha Khan [mailto:auny87@xxxxxxxxx] > Sent: Wednesday, April 11, 2012 11:31 AM > To: squid-users@xxxxxxxxxxxxxxx > Cc: Talha Khan > Subject: Using squid as transparent proxy causes problem with > pages on https > > Hey, > > I have configured squid to act as a transparent proxy. i also want to > bump the ssl connections. However i am unable to open the https > pages.The browser keeps going in loops and says that the page isnt > redirecting properly(firefox) or has redirect-loops(chrome). > > I then removed the ssl-bump configuration from the http_port > definition but the problem still persists. > > My setup is like this. I have 2 linux boxes, one acting as the default > gateway of the other. I am running squid on the 2nd box. All ip-table > entries are good as http traffic is going along smoothly. > > Can anybody help. My conf file looks like this > > > cache_effective_user talha > always_direct allow all > ssl_bump allow all > > > > # Squid normally listens to port 3128 > http_port 192.168.8.105:3128 transparent ssl-bump > cert=/home/talha/squid/www.sample.com.pem > key=/home/talha/squid/www.sample.com.pem > https_port 192.168.8.105:3129 transparent ssl-bump > cert=/home/talha/squid/www.sample.com.pem > key=/home/talha/squid/www.sample.com.pem > > > Even removing the ssl-bump option does not solve the problem > > > > > > -- > Regards, > -Ahmed Talha Khan > -- Regards, -Ahmed Talha Khan
