Hi Amos ,
I have NAT'ed tcp port 80 and 443 to 3128 and 3129 as below:
iptables -t nat -A PREROUTING -i eth1 -s 10.0.0.0/24 -p tcp -m tcp -m
multiport --dports 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -s 10.0.0.0/24 -p tcp -m tcp -m
multiport --dports 443 -j REDIRECT --to-ports 3129
and configured squid port as:
# HTTP browser explicit proxy config
http_port 8080
# HTTP port 80 NAT'ed
http_port 3128 intercept ssl-bump
generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=cert.crt key=cert.key
options=...
# HTTPS port 443 NAT'ed
https_port 3129 intercept ssl-bump
generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=cert.crt key=cert.key
options=...
as I'm running squid in transparent mode and used ssl-bump server-first
option. I have imported my certificate in the Firefox browser. I want to
allow all SSL/TLS version,
so I have mentioned as "options=" in port configuration as mentioned in docs
options= Various SSL implementation options. The most important
being:
NO_SSLv2 Disallow the use of SSLv2
NO_SSLv3 Disallow the use of SSLv3
NO_TLSv1 Disallow the use of TLSv1.0
NO_TLSv1_1 Disallow the use of TLSv1.1
NO_TLSv1_2 Disallow the use of TLSv1.2
SINGLE_DH_USE Always create a new key when using
temporary/ephemeral DH key exchanges
ALL Enable various bug workarounds
suggested as "harmless" by OpenSSL
Be warned that this reduces SSL/TLS
strength to some attacks.
See OpenSSL SSL_CTX_set_options documentation for a
complete list of options.
I tried with "options=ALL" and without "options=" . But still "protocol
error" exist when I go for 'http://www.hotmail.com'.
Am I missing something..?
Thanks for replying,
krish
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666068.html
Sent from the Squid - Users mailing list archive at Nabble.com.
