On 15/12/2015 5:52 a.m., Marcus Kool wrote:
>
> On 12/14/2015 06:43 AM, Парфенович Н.А. wrote:
>> Hello! Could you show me how to use Squid in transparent mode for tracking
>> HTTPS without replacing the certificates?
>> My squid.conf: http://pastebin.ru/AWU8LXvK. If I use this configuration file
>> with Squid 3.5.8 compiled against LibreSSL, everything works
>> fine. But if I use version 3.5.9 or above, Squid begins to
>> "terminate" once the number of clients goes above 20. Moreover, it is interrupted for no apparent
>> reason and with no messages in the logs. I also tested versions >= 4.0; the
>> effect is the same, Squid "terminates". How can I overcome the problem? Is
>> my configuration correct? Thank you in advance. PS: Sorry for my English.
>
> Depending on how you define "tracking" ...
>
> Your squid config has:
>
> acl blocked ssl::server_name "/etc/squid/blocked_https.txt"
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump terminate blocked
> ssl_bump splice all
>
> So it seems that you want to peek and block a few sites based on the SNI
> and splice all other allowed sites.
> When you splice, the TLS/SSL connection is untouched so the original
> certificates of the webservers are used.
> I am not 100% sure, but it seems that to configure sslbump, one must
> define a fake CA certificate to tell Squid to do sslbumping.
> But since you never bump (only terminate or splice) the fake CA
> certificate is never used.

Sort of. The terminate action does need to do a full bump with what used to be called client-first style of bumping.

Otherwise, for splice-only they are unused, but still need to be properly configured just to enable ssl_bump processing in current Squid.

>
> To debug the sslbump feature you need to set
> debug_options ALL,1 33,9 83,9
> and carefully look at cache.log to see what is going wrong.
>
> Marcus

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
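A complete peek-and-splice configuration of the kind discussed in this thread, added here as an illustration (it is not the original poster's squid.conf, which is only linked above, and not from the Squid project). The five acl/ssl_bump lines are the ones Marcus quoted; the port numbers, the CA certificate path and the ssl_crtd path and options are assumptions for a Squid 3.5 build, and the comments restate the point in the reply above: the fake CA and certificate generator must be configured even though splice never presents them to a client.

```conf
# Added example, not the original poster's squid.conf.
# Squid 3.5 syntax; all paths and port numbers are assumptions.

# Plain HTTP interception (traffic is redirected here by the firewall).
http_port 3128 intercept

# HTTPS interception. "ssl-bump" enables ssl_bump processing at all; the
# cert= option must point at a usable CA certificate+key file even though
# peek/splice never presents it to clients.  Per the reply above, the
# terminate action does a client-first bump, so Squid must also be able to
# generate a certificate for that connection.
https_port 3129 intercept ssl-bump cert=/etc/squid/ssl_cert/squidCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Certificate generator helper (Squid 3.5 name; Squid 4 renamed it to
# security_file_certgen).  The ssl_db directory must be initialised once with
# "ssl_crtd -c -s /var/lib/squid/ssl_db" before Squid is started.
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 5

# Server names to block, one per line in the file; matched against the SNI.
acl blocked ssl::server_name "/etc/squid/blocked_https.txt"
acl step1 at_step SslBump1

# Step 1: look at the ClientHello to learn the SNI without touching the TLS session.
ssl_bump peek step1
# Blocked names: close the connection (this is the action that needs the fake CA).
ssl_bump terminate blocked
# Everything else: pass the TLS bytes through untouched, so the origin
# server's own certificate reaches the client.
ssl_bump splice all

# Temporary, while diagnosing the "terminated" problem: verbose logging for
# the ssl_bump (33) and SSL (83) debug sections, written to cache.log.
debug_options ALL,1 33,9 83,9
```

The cert= file is assumed to contain both the CA certificate and its private key; if Squid cannot load it, ssl_bump processing will not start regardless of the rules below it. Drop the debug_options line again once cache.log has shown why the connections are being terminated, since 33,9 and 83,9 log every TLS handshake in detail.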