I've just updated to the most recent squid version (compiled with --enable-ssl *and* --enable-ssl-crtd):

./squid -v
Squid Cache: Version 3.2.3-20121031-r11695

I can start squid without any errors, but when I try to connect to the daemon the connection gets terminated immediately (using the same cfg as before):

$ telnet 10.0.1.1 3128
Trying 10.0.1.1...
Connected to 10.0.1.1.
Escape character is '^]'.
Connection closed by foreign host.

While cache.log shows:

<timestamp> kid1| BUG: Orphan Comm::Connection: local=10.0.1.1:3128 remote=10.0.1.1:51288 FD 10 flags=33
<timestamp> kid1| NOTE: 1 Orphan since last started

Unfortunately I have no idea what Squid tries to tell me.... In fact HTTP and HTTPS are not working now :-(

Ideas?

----------------------------------------
> From: heinrichhirtzel99@xxxxxxxxxxx
> To: squid-users@xxxxxxxxxxxxxxx
> Date: Wed, 31 Oct 2012 16:49:37 +0100
> Subject: RE: Squid and SSL interception (ssl-bump)
>
>
> Hi Eliezer
>
> > what iptables rules have you used?
> > also you better use squid 3.2 for ssl-bump.
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 81 -j REDIRECT --to-port 3128
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 443
>
> > also you better use squid 3.2 for ssl-bump.
> K, will try that. Stay tuned :-)
>
> > take a look at:
> > http://wiki.squid-cache.org/Features/SslBump
> > and
> > http://wiki.squid-cache.org/Features/DynamicSslCert
>
> I've read through them at least 10 times (I'm not kidding) and tried various different configurations without finding any solution. Maybe I simply missed something :-/
>
> Do I need to compile squid with '--enable-ssl-crtd' or is '--enable-ssl' enough?
>
> Regards,
> Heinrich
>
> ----------------------------------------
> > Date: Wed, 31 Oct 2012 17:40:38 +0200
> > From: eliezer@xxxxxxxxxxxx
> > To: squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: Squid and SSL interception (ssl-bump)
> >
> > On 10/31/2012 5:33 PM, Heinrich Hirtzel wrote:
> > > Hello
> > >
> > > For a school project I'm trying to intercept SSL connections by using Squid (client -> squid (transparent) -> server).
> > > I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the following configuration:
> > >
> > > *************************************
> > > http_port 10.0.1.1.:3128 intercept
> > > https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
> > If I remember right you should use http and not https
> >
> > >
> > > acl our_networks src 10.0.1.0/24
> > > http_access allow our_networks
> > > forwarded_for off
> > > ssl_bump allow all
> > > sslproxy_cert_error allow all
> > > sslproxy_flags DONT_VERIFY_PEER
> > > *************************************
> > what iptables rules have you used?
> > also you better use squid 3.2 for ssl-bump.
> >
> > what were you reading about ssl-bump?
> >
> > take a look at:
> > http://wiki.squid-cache.org/Features/SslBump
> > and
> > http://wiki.squid-cache.org/Features/DynamicSslCert
> >
> > Regards,
> > Eliezer
> >
> > --
> > Eliezer Croitoru
> > https://www1.ngtech.co.il
> > IT consulting for Nonprofit organizations
> > eliezer <at> ngtech.co.il