-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you send all ssl_bump related settings? There are some missing parts in the settings. If there is a bug\error the full details are needed to analyze the subject. I need: - - OS details - - machine details - - network topology - - cache logs - - access logs Eliezer On 11/10/2014 11:17 AM, Jason Haar wrote: > Hi there, I've googled about for this but I think most of the > squid intercept stuff refers to 3.2 and I think things have changed > since then? > > I have squid-3.4.9 running with sslbump, and when I configure my > browser to use it as a proxy, it bumps the certs nicely, signing > "fake" certs/etc. I then added an iptables run to redirect outbound > tcp/80 onto port 3129 (see below) and that transparently proxies > all port 80 - great. I then went through the same exercise with > sslbump, but when I put in an iptables rule to redirect outbound > tcp/443 traffic onto 3127, it doesn't bump - it acts like a TCP > forwarder instead. I get a "CONNECT ip.add.ress:443" log record - > no sign of the hostname and no bumping > > http_port 3126 ssl-bump cert=/etc/squid/squid-CA.cert > capath=/etc/ssl/certs/ generate-host-certificates=on > dynamic_cert_mem_cache_size=256MB options=ALL http_port 3129 > transparent https_port 3127 transparent ssl-bump > cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ > generate-host-certificates=on dynamic_cert_mem_cache_size=256MB > options=ALL > > acl SSL_nonHTTPS_sites dstdom_regex > "/etc/squid/SSL_nonHTTPS_sites.txt" acl SSL_noIntercept_sites > dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt" ssl_bump none > SSL_nonHTTPS_sites ssl_bump none SSL_noIntercept_sites ssl_bump > server-first all > > So these older search-engine pages I came across claimed this > should work with squid, but either I am missing something, or this > doesn't work in 3.4.9? > > Thanks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUYJbJAAoJENxnfXtQ8ZQUcAwH/RFRxy4Rk+TliEEPzcgT+BLu Yu4n5I1XiOBMIixR+4qckV/f0j0Y51eWSvczs082Ow/vfOMlmImLtdWS8lswpTBX cRQq3jhV9+MeFVDjDr8/owGXtf9TY5Aj1Jcmxvg+lR9TJvj4IzG5tp6t+SsW1Y0C ulXdvKBYr+KGILSrUsIKb+Px+pSZHB/yRx1GHClQFVDrkHG1djSTT74SlRnTNREs 1Ewzm6CtNF5lYD5sHpgUAaI3fsDGbAmvebwyk4nzxyDj6o3Ow1tl3/z3gND8Tv++ WMoziJphFPPDAYhCpk5f6fSCPgM1nNaxdIDs0Z+i9wd/Nw2A5TWeW9U+JPAehqU= =y/Dr -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
