From the docs:

    # none
    # Become a TCP tunnel without decoding the connection.
    # Works with both CONNECT requests and intercepted SSL
    # connections. This is the default behavior when no
    # ssl_bump option is given or no ssl_bump ACLs match.

I have the below:

    acl broken_sites dstdomain .textnow.me
    acl broken_sites dstdomain .akamaiedge.net
    acl broken_sites dstdomain .akamaihd.net
    acl broken_sites dstdomain .apple.com
    sslproxy_cert_error allow broken_sites
    sslproxy_cert_error deny all
    sslproxy_options ALL
    ssl_bump none broken_sites
    ssl_bump server-first all

The above sites however still will not function. Packet captures show the below:

    135
    136 2014-04-26 09:10:41.040857 192.168.1.110 -> 209.59.180.54 TCP 74 44955 > 443 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSval=21160983 TSecr=0 WS=2
    137 2014-04-26 09:10:41.040934 209.59.180.54 -> 192.168.1.110 TCP 74 443 > 44955 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=22194209 TSecr=21160983 WS=16
    138 2014-04-26 09:10:41.043198 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=21160986 TSecr=22194209
    139 2014-04-26 09:10:41.045514 192.168.1.110 -> 209.59.180.54 SSL 146 Client Hello
    140 2014-04-26 09:10:41.045589 209.59.180.54 -> 192.168.1.110 TCP 66 443 > 44955 [ACK] Seq=1 Ack=81 Win=14480 Len=0 TSval=22194210 TSecr=21160986
    141 2014-04-26 09:10:41.321754 209.59.180.54 -> 192.168.1.110 TLSv1 2962 Server Hello
    142 2014-04-26 09:10:41.321804 209.59.180.54 -> 192.168.1.110 TLSv1 240 Certificate
    143 2014-04-26 09:10:41.688021 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [ACK] Seq=81 Ack=1449 Win=8736 Len=0 TSval=21161150 TSecr=22194279
    144 2014-04-26 09:10:41.696392 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [ACK] Seq=81 Ack=2897 Win=11632 Len=0 TSval=21161151 TSecr=22194279
    145 2014-04-26 09:10:41.697215 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [ACK] Seq=81 Ack=3071 Win=14528 Len=0 TSval=21161152 TSecr=22194279
    146 2014-04-26 09:10:41.743603 192.168.1.110 -> 209.59.180.54 TLSv1 632 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
    147 2014-04-26 09:10:41.743656 209.59.180.54 -> 192.168.1.110 TCP 66 443 > 44955 [ACK] Seq=3071 Ack=647 Win=15616 Len=0 TSval=22194385 TSecr=21161165
    148 2014-04-26 09:10:41.744205 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [FIN, ACK] Seq=647 Ack=3071 Win=14528 Len=0 TSval=21161165 TSecr=22194279
    149 2014-04-26 09:10:41.781873 209.59.180.54 -> 192.168.1.110 TCP 66 443 > 44955 [ACK] Seq=3071 Ack=648 Win=15616 Len=0 TSval=22194395 TSecr=21161165
    150 2014-04-26 09:10:41.844906 209.59.180.54 -> 192.168.1.110 TLSv1 109 Change Cipher Spec, Encrypted Handshake Message
    151 2014-04-26 09:10:41.845076 209.59.180.54 -> 192.168.1.110 TLSv1 89 Encrypted Alert
    152 2014-04-26 09:10:41.845196 209.59.180.54 -> 192.168.1.110 TCP 66 443 > 44955 [FIN, ACK] Seq=3137 Ack=648 Win=15616 Len=0 TSval=22194410 TSecr=21161165
    153 2014-04-26 09:10:41.850790 192.168.1.110 -> 209.59.180.54 TCP 60 44955 > 443 [RST] Seq=648 Win=0 Len=0
    154 2014-04-26 09:10:41.853153 192.168.1.110 -> 209.59.180.54 TCP 60 44955 > 443 [RST] Seq=648 Win=0 Len=0
    155 2014-04-26 09:10:41.853748 192.168.1.110 -> 209.59.180.54 TCP 60 44955 > 443 [RST] Seq=648 Win=0 Len=0

This is on a Linux machine with two interfaces acting as a router, one NIC internal, the other external.

Thanks for any assistance you can give.

James

PS. I find it hilarious that a mailing list about a web proxy doesn't accept HTML formatted emails :D

    ezmlm-reject: fatal: Sorry, a message part has an unacceptable MIME Content-Type: multipart/alternative (#5.2.3)
    Sorry, for security reasons this list only accepts plain text email and no large attachments. Please configure your mail client accordingly
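When troubleshooting an ssl_bump setup, the useful question to ask of a capture like the one above is: at which point of the TLS handshake did the connection die, and which side closed it? The following is an added example (not from the original post or from the Squid project) that parses tshark-style one-line summaries, reconstructs the handshake per connection, and names the failure pattern. The sample lines are a subset of the frames quoted in the post, embedded as constructed input; the event names, the `Flow` class and the verdict strings are this example's own. It keys connections by IP pair, which is an assumption that holds for this single capture; separating concurrent connections between the same hosts would need the port columns from a tshark field list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: a subset of the tshark summary lines quoted in the post.
# Column layout: frame date time src -> dst protocol length info
SAMPLE_CAPTURE = """\
136 2014-04-26 09:10:41.040857 192.168.1.110 -> 209.59.180.54 TCP 74 44955 > 443 [SYN] Seq=0 Win=5840 Len=0
137 2014-04-26 09:10:41.040934 209.59.180.54 -> 192.168.1.110 TCP 74 443 > 44955 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0
138 2014-04-26 09:10:41.043198 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [ACK] Seq=1 Ack=1 Win=5840 Len=0
139 2014-04-26 09:10:41.045514 192.168.1.110 -> 209.59.180.54 SSL 146 Client Hello
141 2014-04-26 09:10:41.321754 209.59.180.54 -> 192.168.1.110 TLSv1 2962 Server Hello
142 2014-04-26 09:10:41.321804 209.59.180.54 -> 192.168.1.110 TLSv1 240 Certificate
146 2014-04-26 09:10:41.743603 192.168.1.110 -> 209.59.180.54 TLSv1 632 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
148 2014-04-26 09:10:41.744205 192.168.1.110 -> 209.59.180.54 TCP 66 44955 > 443 [FIN, ACK] Seq=647 Ack=3071 Win=14528 Len=0
150 2014-04-26 09:10:41.844906 209.59.180.54 -> 192.168.1.110 TLSv1 109 Change Cipher Spec, Encrypted Handshake Message
151 2014-04-26 09:10:41.845076 209.59.180.54 -> 192.168.1.110 TLSv1 89 Encrypted Alert
152 2014-04-26 09:10:41.845196 209.59.180.54 -> 192.168.1.110 TCP 66 443 > 44955 [FIN, ACK] Seq=3137 Ack=648 Win=15616 Len=0
153 2014-04-26 09:10:41.850790 192.168.1.110 -> 209.59.180.54 TCP 60 44955 > 443 [RST] Seq=648 Win=0 Len=0
"""

FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")
TCP_INFO_RE = re.compile(r"^(\d+) > (\d+) \[([^\]]*)\]")
TLS_PROTOS = {"SSL", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
NEVER = 10**12  # sentinel frame number meaning "event not observed"


@dataclass
class Flow:
    client: str  # side that sent the SYN, i.e. the TLS handshake initiator
    server: str
    events: List[Tuple[int, str, str]] = field(default_factory=list)  # (frame, role, event)


def parse_capture(text: str) -> Dict[Tuple[str, str], Flow]:
    """Group summary lines into flows keyed by the unordered IP pair (assumption: one
    connection per pair, which is true for this sample)."""
    flows: Dict[Tuple[str, str], Flow] = {}
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-summary lines
        frame, _date, _time, src, dst, proto, _length, info = m.groups()
        key = tuple(sorted((src, dst)))
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(client=src, server=dst)
        if proto == "TCP":
            t = TCP_INFO_RE.match(info)
            if not t:
                continue
            flags = {f.strip() for f in t.group(3).split(",")}
            if "SYN" in flags and "ACK" not in flags:
                flow.client, flow.server = src, dst  # the bare SYN fixes the roles
            kinds = [f for f in ("SYN", "FIN", "RST") if f in flags]
        elif proto in TLS_PROTOS:
            kinds = [part.strip() for part in info.split(",")]  # record names
        else:
            continue
        role = "client" if src == flow.client else "server"
        flow.events.extend((int(frame), role, k) for k in kinds)
    return flows


def first_frame(flow: Flow, role: str, kind: str) -> int:
    """Frame number of the first matching event for that side, or NEVER."""
    return next((fr for fr, r, k in flow.events if r == role and k == kind), NEVER)


def diagnose(flow: Flow) -> str:
    """Name the handshake failure pattern by ordering the key events."""
    client_hello = first_frame(flow, "client", "Client Hello")
    server_hello = first_frame(flow, "server", "Server Hello")
    client_cke = first_frame(flow, "client", "Client Key Exchange")
    server_ccs = first_frame(flow, "server", "Change Cipher Spec")  # server Finished follows
    server_alert = first_frame(flow, "server", "Encrypted Alert")
    client_close = min(first_frame(flow, "client", "FIN"), first_frame(flow, "client", "RST"))

    if client_hello == NEVER:
        return "no-tls: no Client Hello on this connection"
    if server_hello == NEVER:
        return "no-server-hello: server never answered the Client Hello"
    if client_cke != NEVER and client_close < server_ccs:
        return ("client-aborted-after-key-exchange: client sent its key exchange, then closed "
                "before the server's Finished; the server's alert answers that close")
    if server_alert < client_cke:
        return "server-rejected: server alerted before the client completed its key exchange"
    if server_ccs != NEVER:
        return "handshake-completed: both sides reached Finished"
    return "incomplete: capture ends mid-handshake"


def diagnose_capture(text: str) -> Dict[Tuple[str, str], str]:
    """Convenience wrapper: verdict per flow for a whole summary text."""
    return {key: diagnose(flow) for key, flow in parse_capture(text).items()}


if __name__ == "__main__":
    for key, verdict in diagnose_capture(SAMPLE_CAPTURE).items():
        print(key, verdict)
```

Run against the post's frames, the verdict is that the initiator (192.168.1.110, the side that sent the SYN) tore the connection down itself, one frame after sending its Client Key Exchange and before the server's Finished arrived; the server's Encrypted Alert and FIN are its reaction to that close. That points the investigation at the initiating side of that leg rather than at the origin server.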