This is the snippet of what we use to SSL bump browser CONNECT requests which have proxy settings explicitly set to use Squid (only selected sites are bumped). <skip> http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/opt/quintolabs/qlproxy/myca.pem sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB always_direct allow all acl qlproxy_https_exclusions dstdomain "/etc/opt/quintolabs/qlproxy/squid/https_exclusions.conf" acl qlproxy_https_targets dstdomain "/etc/opt/quintolabs/qlproxy/squid/https_targets.conf" ssl_bump none localhost ssl_bump server-first qlproxy_https_targets ssl_bump none all <skip> P.S. Ubuntu 13, Debian 7 x64 with adjusted Squid compilation --enable-ssl --enable-ssl-crtd -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Friday, November 22, 2013 2:40 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: anyOne who has working ssl_bump configuration for facebook ??? On 23/11/2013 2:22 a.m., Víctor Fernández Martínez wrote: > Hi, > > I use the ssl_bump and Facebook works flawlessly. > > - Did you import the ssl_bump root CA certificate into the client > you're using to browse those websites? > - Which kind of certificate errors do you get? Which browser are you using? > And which of the 8 different configurations of ssl-bump are you using? ie provide your squid.conf snipppets please. Amos
