Hi all,

I tried to build an SSL bumping proxy with an up-level proxy, but the client failed to connect, as shown in the following.

The error:
---
$ curl https://www.google.co.jp -vvvv -k
* Rebuilt URL to: https://www.google.co.jp/
*   Trying ::1...
* Connected to localhost (::1) port 3128 (#0)
* Establish HTTP proxy tunnel to www.google.co.jp:443
> CONNECT www.google.co.jp:443 HTTP/1.1
> Host: www.google.co.jp:443
> User-Agent: curl/7.43.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.google.co.jp:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.google.co.jp:443
---

My squid.conf:
---
# default acls/configs are ignored

cache_peer 127.0.0.1 parent 8118 0 default no-digest proxy-only
never_direct allow all

ssl_bump peek all
ssl_bump bump all

http_port 3128 ssl-bump \
    cert=/etc/squid/ssl/ca.crt \
    key=/etc/squid/ssl/ca.key \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB
---

From the cache_peer port, someone may notice that I'm using privoxy. That's right, as I need to redirect the SSL traffic to a SOCKS5 proxy, or I can't ever access some sites.

Here are some of my experiments:

1) Remove "never_direct"
Then ssl_bump works as expected, but all traffic doesn't go through the SOCKS5 proxy. So there are a lot of sites I can't access.

2) Use local 8118 proxy
That works fine without any problem, but SSL_dump is needed... So that just proves privoxy is working.

Any clue?

Thanks

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users