On 8/09/2015 6:45 p.m., joseph jose wrote:
> Hi,
>
> I have tested squid reverse proxy mode and squid SSL bump both were
> successful and working fine.
>
> Is it possible to configure a squid reverse proxy with SSL-bump enabled?

The concept does not make any sense.

* accel / reverse-proxy traffic is destined to and terminated by the proxy.

* ssl-bump is a pile of trickery and hacks to intercept traffic destined to somewhere else.

What is a web server that MITM's traffic destined to itself? broken.

Squid does (and always has done) normal regular HTTPS reverse-proxy:

  https_port 443 accel cert=...

But there is not yet support for SNI. So virtual hosted HTTPS is not supported. We are still stuck with the old one IP:port per domain limit for a while yet.

>
> I tried configuring a squid instance in reverse proxy to bump specific
> domain traffic using following config line (clubbing both reverse proxy and
> SSL bump config directives)
>
> acl ssl_bumping dstdomain testsquid.com
> ssl_bump server-first ssl_bumping
> sslproxy_cert_error allow ssl_bumping
> sslproxy_flags DONT_VERIFY_PEER
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
>
> http_port 3128 accel defaultsite=testsquid.com vhost vport ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=<cert>
> cache_peer <webserverIP> parent <port> 0 no-query originserver name=squidtest
>
> But squid is logging CONNECT error:method-not-allowed. Am I missing
> something in my config?
>
> Does squid work in reverse proxy mode with SSL bump enabled?

No.

Amos
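
Added example, not part of the original thread: a minimal squid.conf for the plain HTTPS reverse proxy described in the reply, with no ssl-bump directives. The certificate and key paths, the origin address 192.0.2.10 and port 80 are placeholders assumed for illustration.

```squidconf
# Added example; paths and addresses below are placeholders, not from the thread.
# TLS from clients is terminated here with the site's own certificate, so
# ssl-bump, generate-host-certificates, sslcrtd_program and the sslproxy_*
# overrides from the question are not used.
https_port 443 accel defaultsite=testsquid.com cert=/etc/squid/testsquid.com.crt key=/etc/squid/testsquid.com.key

# Origin server behind the proxy (placeholder address and port).
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=squidtest

# Serve only the published site, and forward it only to that origin.
acl our_site dstdomain testsquid.com
http_access allow our_site
http_access deny all
cache_peer_access squidtest allow our_site
cache_peer_access squidtest deny all
```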