Search squid archive

Re: ssl-bump mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/07/2013 03:29 AM, Jury Bogdanov wrote:
> Hello. I have some problems with ssl-bump mode. Can you help me, please?
> My configuration:

> https_port 192.168.56.100:3130 transparent ssl-bump
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> cert=/home/mut/squid.pem key=/home/mut/squid.key
> acl vk dstdomain .vk.com
> ssl_bump server-first vk
> http_access deny vk all

> But I can open https://vk.com

Perhaps Squid does not receive HTTPS traffic at all? Check access.log
while requesting https://vk.com

When you open https://vk.com, do you see Squid CA certificate or the
well-known Root CA certificate? If it is the former, then Squid bumped
the connection (but allowed the request). If it is the latter, then
Squid did not bump the connection (see above regarding determining
whether Squid received the connection in the first place).


HTH,

Alex.





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux