On 12/14/2015 06:43 AM, Парфенович Н.А. wrote:
Hello! Could you show me how to use Squid in transparent mode for tracking HTTPS without replacing the certificates? My squid.conf: http://pastebin.ru/AWU8LXvK. If I use this configuration file with Squid version 3.5.8 compiled with LibreSSL, everything works fine. But if I use version 3.5.9 and above, Squid begins to be "terminated" when the number of clients is above 20. Moreover, it is interrupted for no apparent reason or messages in the logs. I also tested versions >= 4.0, and the effect is the same: Squid is "terminated". How can I overcome this problem? Is there anything in my configuration I should correct? Thank you in advance. PS: Sorry for my English.
Depending on how you define "tracking" ...

Your squid config has:

    acl blocked ssl::server_name "/etc/squid/blocked_https.txt"
    acl step1 at_step SslBump1
    ssl_bump peek step1
    ssl_bump terminate blocked
    ssl_bump splice all

So it seems that you want to peek and block a few sites based on the SNI, and splice all other allowed sites. When you splice, the TLS/SSL connection is untouched, so the original certificates of the web servers are used.

I am not 100% sure, but it seems that to configure sslbump, one must define a fake CA certificate to tell Squid to do sslbumping. But since you never bump (only terminate or splice), the fake CA certificate is never used.

To debug the sslbump feature you need to set

    debug_options ALL,1 33,9 83,9

and carefully look at cache.log to see what is going wrong.

Marcus