I am using intercept. It has worked well for me for the ssl-bump so far.
http_port 192.168.100.1:800 intercepthttps_port 192.168.100.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem
I haven't ever tried it without intercept. I will try it and see what happens.
On Wed, May 6, 2015 at 7:59 PM, Jason Haar <Jason_Haar@xxxxxxxxxxx> wrote:
On 07/05/15 12:45, Stanford Prescott wrote:
That smells like transparent/intercept? Is that correct? You have to NOT do that until you've got it working via the standard proxy option. It's very hard to do SSL intercept transparently1430958788.054 5572 192.168.100.104 TCP_TUNNEL/200 2964 CONNECT 172.225.222.201:443 - ORIGINAL_DST/172.225.222.201 -
-- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
