got the ACL backwards

# ssl-bump
# pick up from a file
#acl NoBump ssl::server_name /etc/squid/lists/noSSLPeek.lst

# Alex test machine
acl testIP src 10.172.208.105

# for testing
acl haveServerName ssl::server_name .google.com

# Do no harm:
# Splice indeterminate traffic.
ssl_bump splice !testIP
ssl_bump splice NoBump
ssl_bump bump haveServerName
ssl_bump peek all
ssl_bump splice all

On 9 February 2016 at 10:52, Alex Samad <alex@xxxxxxxxxxxx> wrote:
> Hi
>
> Starting to look at ssl-bump found
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>
> I gather I need to modify my http_port to look something like
>
> http_port 3128 ssl-bump \
>   cert=/etc/squid/ssl_cert/myCA.pem \
>   generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>
> from http_port 3128
>
> I have generated an int CA of our internal CA, the cert option above
> points to a pem file. Does that have pub and private in there?
>
> I wanted to test this on a specific IP so using
>
> # pick up from a file
> acl NoBump ssl::server_name /etc/squid/lists/noSSLPeek.lst
> acl NoBump src <testip>
>
> # for testing
> acl haveServerName ssl::server_name google.com
>
> # Do no harm:
> # Splice indeterminate traffic.
> ssl_bump splice NoBump
> ssl_bump bump haveServerName
> ssl_bump peek all
> ssl_bump splice all
>
> The way I read this is if I come from an address other than the
> testip, the connect goes through.
> But for the test IP I try and peek and if not splice.
>
> Create and initialize SSL certificates cache directory <<< where do I
> set this directory in squid config?
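
A simplified model of how the two rule sets in this thread are evaluated, added here as an example; it is not part of the original messages and not Squid's code. It assumes first-match evaluation at each of three steps, that peek continues to the next step, that only splice remains at step 3 after a peek, and that the server name is already known at step 1 (as with an explicit-proxy CONNECT); the function names and sample connections are constructed.

```python
import ipaddress

# Simplified model (assumption, not Squid code): rules are checked in order at
# each of three steps; the first rule whose ACL matches and whose action is still
# possible wins. splice and bump are final, peek continues to the next step.

TEST_IP = ipaddress.ip_address("10.172.208.105")  # test machine from the post

def domain_match(pattern, name):
    """dstdomain-style: '.google.com' covers google.com and its subdomains."""
    return name == pattern.lstrip(".") or (pattern.startswith(".") and name.endswith(pattern))

ACLS = {
    "testIP": lambda c: ipaddress.ip_address(c["src"]) == TEST_IP,
    "haveServerName": lambda c: domain_match(".google.com", c["server_name"]),
    "all": lambda c: True,
}

# Corrected rules from the reply (the commented-out NoBump list is left out).
CORRECTED = [("splice", "!testIP"), ("bump", "haveServerName"),
             ("peek", "all"), ("splice", "all")]
# The first attempt put the test address in the splice ACL instead.
BACKWARDS = [("splice", "testIP"), ("bump", "haveServerName"),
             ("peek", "all"), ("splice", "all")]

def allowed(action, step, previous):
    # Model assumption: at step 3 only splice after an earlier peek remains.
    return step < 3 or (action == "splice" and previous == "peek")

def decide(conn, rules):
    """Return (final_action, [(step, action), ...]) for one connection."""
    previous, trace = None, []
    for step in (1, 2, 3):
        for action, acl in rules:
            matched = ACLS[acl.lstrip("!")](conn) != acl.startswith("!")
            if matched and allowed(action, step, previous):
                trace.append((step, action))
                if action in ("splice", "bump"):
                    return action, trace
                previous = action
                break
        else:
            break  # no rule matched; Squid's default is not modelled here
    return None, trace

if __name__ == "__main__":
    for src, name in [("10.1.2.3", "www.google.com"), (str(TEST_IP), "www.google.com"),
                      (str(TEST_IP), "example.org")]:
        conn = {"src": src, "server_name": name}
        print(src, name, decide(conn, CORRECTED), decide(conn, BACKWARDS))
```

With the corrected rules only the test machine is ever bumped; with the first attempt the test machine is spliced at step 1 and every other client is bumped for google.com.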