-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please outline which of the 7 statements you mean by "this". Amos On 17/04/2014 2:38 p.m., James Lay wrote: > From the squid.conf.documented: > > # SSL Bump Mode Options: # In addition to these > options ssl-bump requires TLS/SSL options. # # > generate-host-certificates[=<on|off>] # > Dynamically create SSL server certificates for the # > destination hosts of bumped CONNECT requests.When # > enabled, the cert and key options are used to sign # > generated certificates. Otherwise generated # > certificate will be selfsigned. # If there is > a CA certificate lifetime of the generated # > certificate equals lifetime of the CA certificate. If # > generated certificate is selfsigned lifetime is three # > years. # This option is enabled by default > when ssl-bump is used. # See the ssl-bump > option above for more information. > > I did not find this to be the case and had to add it to my > https_ports line: > > https_port bleh:3129 intercept generate-host-certificates=on > ssl-bump cert=/opt/sslsplit/sslsplit.crt > key=/opt/sslsplit/sslsplitca.key options=ALL > > Thank you. > > James > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTUUGOAAoJELJo5wb/XPRj0y4IANdveekbpjcjs0mP/SyxNb3X +9Oo2WekHaBM4jsyEKnfBoWfIrONCFVfQhtjSBVlWFFcoekUT4l21B8D2sK+Ytq1 ch0czzI2/jKDAnHca/wL2R0BGdnoxxAQ4cA6iUTQmN1cOnpKpxRZEf8068Awaf3j jEyXPls9W1rXHKDKiKLNJyAh4uhm7cWYEqS58xPnVx5LZEf5pKwYXPV7lXgkjggJ FTbw9OmL54iWPkcX5yvdF2sA0pVLo5511hbe2XSc7Jdv6yvifQEzwwA/ROBSCruF GVz++38JWaYMzmqw+xn3qgWYgvgKaGb+hlmYte9WI2koygUVWxUrmc5tKo6BOf8= =pQt0 -----END PGP SIGNATURE-----
