On 10/31/2012 5:33 PM, Heinrich Hirtzel wrote:
Hello For a school project I'm trying to intercept SSL connections by using Squid (client -> squid (transparent) -> server). I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the following configuration: ************************************* http_port 10.0.1.1.:3128 intercept https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
If i remeber right you shoudl use http and not https
acl our_networks src 10.0.1.0/24 http_access allow our_networks forwarded_for off ssl_bump allow all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER *************************************
what iptables rules have you used? also you better use squid 3.2 for ssl-bump. what were you reading about ssl-bump? take a look at: http://wiki.squid-cache.org/Features/SslBump and http://wiki.squid-cache.org/Features/DynamicSslCert Regards, Eliezer -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il
