Hi Starting to look at ssl-bump found http://wiki.squid-cache.org/Features/SslPeekAndSplice http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit I gather I need to modify my http_port to look someting like http_port 3128 ssl-bump \ cert=/etc/squid/ssl_cert/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB from http_port 3128 I have generated a int CA of our internal CA, the cert option above points to a pem file. does that have pub and private in there ? I wanted to tested this on a specif ip so using # pick up from a file acl NoBump ssl::server_name /etc/squid/lists/noSSLPeek.lst acl NoBump src <testip> # for testing acl haveServerName ssl::server_name google.com # Do no harm: # Splice indeterminate traffic. ssl_bump splice NoBump ssl_bump bump haveServerName ssl_bump peek all ssl_bump splice all The way i read this is if I come from an address other then the testip. the connect goes through. But for the test ip I try and peek and if not splice . Create and initialize SSL certificates cache directory <<< where do I set this directory in squid config ? _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
