
Re: https could not access with ssl bump in squid 3.4


 



Hi Amos:
Thanks for your quick feedback.
1) I do not quite understand what you said about connecting to host
10.64.12.100; I just found it in B's (10.64.12.101) squid cache.log.

2) I did not add any other settings in squid.conf for interception.

3) As you mentioned, https_port requires NAT interception. In my
scenario, A and B are on the same LAN, I want A to use B as an HTTPS
proxy, and I want to use SSL bump to monitor A's HTTPS content. So is
there any way to achieve that?

On Wed, Feb 26, 2014 at 2:36 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 2014-02-26 16:15, Jerry OELoo wrote:
>>
>> Hi All:
>> I am new to Squid, I want to try its SSL Bump, Please kindly check as
>> below. Thanks in advance.
>>
>> Network topology:
>>
>> A, client, Windows7, IP: 10.64.12.100,
>> B, Proxy server, Ubuntu, running Squid, IP: 10.64.12.101
>>
>
> Okay. However that log snippet below says that the website your client is
> trying to connect to is being hosted on 10.64.12.100 port 32843.
>
>
>
>> kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
>> local=10.64.12.101:3130 remote=10.64.12.100:32843 FD 12 flags=33: (92)
>> Protocol not available
>
>
> How is the interception being done?
>
>
>
>> # Https Port
>> https_port 3130 intercept ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=4MB
>> cert=/usr/local/etc/squidcert/certs/proxyCert.pem
>> key=/usr/local/etc/squidcert/private/proxyKey.pem
>>
>
> This port configuration requires NAT interception.
>
> Amos



-- 
Rejoice,I Desire!
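
A triage sketch for the situation in this thread, added here as an example and not part of the original messages or of Squid: it lists the ports that squid.conf marks `intercept` and the clients whose connections to those ports logged the ORIGINAL_DST failure. The sample config and log text are constructed from the lines quoted above (timestamps and the second log line are made up), and the function names are hypothetical.

```python
import re

# Constructed sample inputs, modelled on the directive and log line quoted in the thread.
SAMPLE_CONF = """\
http_port 3128
# Https Port
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/etc/squidcert/certs/proxyCert.pem key=/usr/local/etc/squidcert/private/proxyKey.pem
"""
SAMPLE_LOG = """\
2014/02/26 10:00:01 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.64.12.101:3130 remote=10.64.12.100:32843 FD 12 flags=33: (92) Protocol not available
2014/02/26 10:00:02 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=10.64.12.101:3130 remote=10.64.12.100:32844 FD 13 flags=33: (92) Protocol not available
"""

PORT_RE = re.compile(r"^\s*(https?_port)\s+(\S+)\s*(.*)$")
ERR_RE = re.compile(
    r"getsockopt\(ORIGINAL_DST\) failed on local=(\S+):(\d+) remote=(\S+):(\d+)"
)


def intercept_ports(conf_text):
    """Map listening port -> directive name for ports carrying the intercept flag."""
    ports = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = PORT_RE.match(line)
        if not m:
            continue
        directive, addr, opts = m.groups()
        if "intercept" in opts.split():
            # addr may be "3130", "10.64.12.101:3130" or "[::1]:3130"
            ports[int(addr.rsplit(":", 1)[-1])] = directive
    return ports


def direct_hits(conf_text, log_text):
    """Return {port: sorted client IPs} for ORIGINAL_DST failures on intercept ports."""
    watched = intercept_ports(conf_text)
    hits = {}
    for m in ERR_RE.finditer(log_text):
        port, client = int(m.group(2)), m.group(3)
        if port in watched:
            hits.setdefault(port, set()).add(client)
    return {port: sorted(clients) for port, clients in hits.items()}


if __name__ == "__main__":
    for port, clients in direct_hits(SAMPLE_CONF, SAMPLE_LOG).items():
        print(f"intercept port {port}: no NAT record for connections from {clients}")
```
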



