-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14/11/2014 11:16 a.m., Job wrote: > Hello Amos, thank you! > > I solved with this configuration: > > http_port 3128 http_port 192.168.10.254:3129 intercept https_port > 192.168.10.254:3130 intercept ssl-bump connection-auth=off > generate-host-certificates=on dynamic_cert_mem_cache_size=16MB > cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key > cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH > options=NO_SSLv2 > > as you told me to find Peter G.'s thread! Now it works i think > good. Yay. Now I amm interested in finding out exactly why NAT fails with the port-only config. What OS are you using? and have you done anything special regarding IPv4/IPv6 to it? > > Just a question: both transparent and explicited proxy, can > cohexist with interception and ssl bump? Or i have to duplicated > configurations of host and ports in squid.conf? Yes. ssl-bump only occurs when there is TLS/SSL to decrypt. That is separate from the traffic syntax/mode. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUZUqtAAoJELJo5wb/XPRju/IH/04IR4RiiPkycROZZGlCnONp KC1ujoh1eEz1cUvaqBzNVwm+9DFWI+JINWCo9Za0oj7qYfi2FVZRnncf4XXx4sJo 9lSrlaNOKT7ReWS7caNfszb83dsZi0pJ95NlDMS3mpuFCUaDCB1UTEsGp2jNW3d+ kLEYYNyAOtcIItAe9KT3zBeqZzk29HKmSWYozAu3jnVju3+af22bkdjgHMBtxvYQ Zav9iITws7Pkp6Tr54b37NwWDzgQUAhJn8Ao402dZGVZNHkWvLbIcxViAHTUoW+n Eq0qJzB86gBBe1YqPAIWYQdCIgvYJebVSY1Ep0Z08psEMKxCTSdTE80I+2G3BtI= =XqLv -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
