infinite loop on using SSL to connect to squid with ssl-bump


Hi there

Both Chrome and Firefox support talking to proxies using SSL (wpad type
"HTTPS" instead of "PROXY"). I'm trying to test that out against my
ssl-bump enabled squid proxy and it's causing an infinite loop.

Basically if I do something like

(sleep 2;echo -ne "GET http://slashdot.org/ HTTP/1.0\r\n\r\n"; sleep 4)|openssl s_client -connect localhost:3129

against a squid-3.4.8 proxy set up with

http_port 3128 ssl-bump cert=/usr/local/squid/etc/squidCA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL
https_port 3129 ssl-bump intercept cert=/usr/local/squid/etc/squidCA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL

squid immediately hits 100% CPU and blocks until I kill it. I turned on
debugging (ouch - almost had to power cycle to get out of that!) and
what was happening was squid was trying to ssl-bump the 127.0.0.1:3129
connection itself - i.e. an infinite loop.

The only difference between the HTTP and HTTPS ports is "intercept" -
but that's needed for https_port to even work. http_port works just fine.

I bet I'm simply missing something, any suggestions?

Thanks!

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
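
A lint check for the situation described in the message, written for this page as an added example (not from the original post or the Squid project): it flags PAC entries that direct browsers to a Squid port carrying an interception flag, where Squid takes the destination from the connection's address rather than from the request. The function names, the PAC file and proxy.example.net are constructed; entries are matched by port number only, on the assumption that the PAC host is this Squid instance.

```python
import re

# Port-mode flags that make Squid take the destination from the NAT/TPROXY
# lookup instead of from the request line the client sends.
INTERCEPT_FLAGS = {"intercept", "transparent", "tproxy"}

# The two port directives from the message, one directive per line.
SQUID_CONF = """\
http_port 3128 ssl-bump cert=/usr/local/squid/etc/squidCA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL
https_port 3129 ssl-bump intercept cert=/usr/local/squid/etc/squidCA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL
"""

# Constructed PAC file (hypothetical host) using the "HTTPS" proxy type.
PAC_TEXT = """\
function FindProxyForURL(url, host) {
  return "HTTPS proxy.example.net:3129; PROXY proxy.example.net:3128";
}
"""

def intercept_ports(squid_conf):
    """Return {port: directive} for listening ports in an interception mode."""
    found = {}
    for line in squid_conf.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2 or tokens[0] not in ("http_port", "https_port"):
            continue
        # The listening address may be "3129", "host:3129" or "[::1]:3129".
        port = int(tokens[1].rsplit(":", 1)[-1])
        if INTERCEPT_FLAGS & set(tokens[2:]):
            found[port] = tokens[0]
    return found

def pac_proxies(pac_text):
    """Return (type, host, port) for every PROXY/HTTPS entry in a PAC file."""
    pattern = r"\b(PROXY|HTTPS)\s+([\w.-]+):(\d+)"
    return [(t, h, int(p)) for t, h, p in re.findall(pattern, pac_text)]

def loop_risks(squid_conf, pac_text):
    """PAC entries that send explicit-proxy traffic to an interception port."""
    modes = intercept_ports(squid_conf)
    return [(t, h, p, modes[p]) for t, h, p in pac_proxies(pac_text) if p in modes]

if __name__ == "__main__":
    for kind, host, port, directive in loop_risks(SQUID_CONF, PAC_TEXT):
        print(f"{kind} {host}:{port} points at an interception-mode {directive}")
```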