
https could not access with ssl bump in squid 3.4


 



Hi All:
I am new to Squid and want to try its SSL Bump. Please kindly check the
details below. Thanks in advance.

Network topology:

A, client, Windows7, IP: 10.64.12.100,
B, Proxy server, Ubuntu, running Squid, IP: 10.64.12.101

A and B are in the same LAN, and B can access the internet. I want A's
Chrome browser to access the internet via B as a proxy.

1) When I configure Chrome's HTTP/HTTPS proxy as 10.64.12.101:3128, the
http_port in the squid.conf file (all of A's traffic goes to B's Squid
http_port), it is OK and the Chrome browser can open web pages successfully.

HTTP Proxy, 10.64.12.101, port 3128
HTTPS Proxy, 10.64.12.101, port 3128

squid.conf:
------------------------------------------------------------------------------------------------------------------------------------
# Squid normally listens to port 3128
http_port 3128
------------------------------------------------------------------------------------------------------------------------------------

Questions:
2) When I add https_port to squid.conf as below and configure Chrome's
proxy settings as below, Chrome cannot access any HTTPS web site and
displays "No data received", and the squid cache.log shows the following
many times:

kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=10.64.12.101:3130 remote=10.64.12.100:32843 FD 12 flags=33: (92)
Protocol not available


HTTP Proxy, 10.64.12.101, port 3128
HTTPS Proxy, 10.64.12.101, port 3130

squid.conf:
------------------------------------------------------------------------------------------------------------------------------------
# Squid normally listens to port 3128
http_port 3128

# Https Port
https_port 3130 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/usr/local/etc/squidcert/certs/proxyCert.pem
key=/usr/local/etc/squidcert/private/proxyKey.pem

ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

sslproxy_flags DONT_VERIFY_PEER
always_direct allow all
sslproxy_cert_error allow all
------------------------------------------------------------------------------------------------------------------------------------

-- 
Rejoice,I Desire!
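
Added example, not part of the original post and not Squid's own code: a small Python check run over the second squid.conf above (sslcrtd lines omitted, https_port options wrapped as in the post). It flags the `intercept` flag on the port that the log's ORIGINAL_DST error names, and the two directives that turn off origin certificate checking; the function names and finding codes are assumptions of this example.

```python
import re

# Constructed input: the second squid.conf from the post (sslcrtd lines omitted),
# with the wrapped https_port options on their own lines as posted.
SAMPLE_CONF = """\
http_port 3128
https_port 3130 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/usr/local/etc/squidcert/certs/proxyCert.pem
key=/usr/local/etc/squidcert/private/proxyKey.pem
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
always_direct allow all
sslproxy_cert_error allow all
"""

PORTS = ("http_port", "https_port")

def directives(text):
    """Yield token lists, re-attaching wrapped key=value lines to a port directive."""
    current = None
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        if current and current[0] in PORTS and re.match(r"[\w-]+=", tokens[0]):
            current += tokens
            continue
        if current:
            yield current
        current = tokens
    if current:
        yield current

def audit(text):
    """Return (directive, detail, code) findings for the settings used in the post."""
    found = []
    for name, *args in directives(text):
        # An interception port expects NAT/TPROXY-redirected traffic and looks up
        # the original destination; it is not a port for a browser's proxy setting.
        if name in PORTS and {"intercept", "tproxy"} & set(args):
            found.append((name, args[0], "INTERCEPT_PORT"))
        # Origin server certificates are not verified at all.
        elif name == "sslproxy_flags" and "DONT_VERIFY_PEER" in ",".join(args).split(","):
            found.append((name, "DONT_VERIFY_PEER", "NO_PEER_VERIFY"))
        # Every origin certificate error is accepted.
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            found.append((name, "allow all", "CERT_ERRORS_ALLOWED"))
    return found
```

With both certificate directives present, a bumped connection is re-signed for the client no matter what certificate the origin server presented.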



