What about the looping in the browser? Y getting re-directed to the same URL again? I have posted this as a seperate question on the forum? How is it possible, in what configuration to access https pages while running squid? You may want to answer on the 2nd question..Thanks -talha On Fri, Apr 13, 2012 at 12:03 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 12/04/2012 10:08 p.m., Ahmed Talha Khan wrote: >> >> Also >> Will "tranparent" work on https_port? The bowser makes a connection of >> 443 which i redirect to squid. So will it let the webpages open? They >> are not opening for me > > > On Squid 3.0 and 2.x yes (3.1+ use "intercept" now) . All it does is tell > Squid to lookup the local kernel NAT tables for client IP information > instead of trusting the TCP packet, and that the request should have some > other special origin server specific processing applied. > > The problem with https_port intercept has always been, and remains in the > current Squid, that the SSL certificate sent to the client does not match > the domain the client is contacting. They get a TLS security alert message > on every new connection attempt. The dynamic cert generation feature in 3.2 > helps, but intercepted HTTPS still mostly lacks the domain name details the > generator needs to produce a valid cert (requires SSL SNI feature, which is > *legally* risky for most of us dev to implement no techincal problem). > > Amos > -- Regards, -Ahmed Talha Khan
