> Hi > > I know this question has been asked before but I didn't quite comprehend the answer. > > I have got squid working as an explicit SSL proxy using SSLbump with Dynamic SSL certs. > > I have also managed to get it working as a transparent proxy. > > When I try the combination of the above 2 it doesn't seem to work. > > It seems to be rewriting my https requests to http. Also dynamic ssl certs doesn't seem to be working. However squid definitely intercepts the request so it seems like the NAT bit is fine. I am not sure about the code in 3.2 but i faced a similar issue in 3.1.19 and i think the problem is still lurking in 3.2 as well. You might want to look at http://bugs.squid-cache.org/show_bug.cgi?id=2976. There is a hard-coded value that causes all requests to be forcibly written to "http" even "https". You can reverse it via this patch http://bugs.squid-cache.org/attachment.cgi?id=2375 > > When I browse a website that's listening on 443 only I get "Zero Sized Reply" and when I browse a website that's listening on both 80/443 it works sometimes but the certificate is wrong. > > This person seems to have it working > > http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/ > > and I am pretty much copying his config. > > Here is my relevant config > > --------------------------------------------------------------- > http_port 3128 transparent > https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem > http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem > > always_direct allow all > ssl_bump allow all > # the following two options are unsafe and not always necessary: > sslproxy_cert_error allow all > sslproxy_flags DONT_VERIFY_PEER > -------------------------------------------------------------- > > Thanks > > Daniel > > -- Regards, -Ahmed Talha Khan