04.03.2017 3:29, C. L. Martinez wrote:
> Hi all,
>
> After installing Squid 3.5.24 in my Debian testing (many thanks Amos for your help), I am trying to configure Squid as an https intercept proxy. My config currently is:
>
> http_port 127.0.0.1:8080
> http_port 127.0.0.1:8081 intercept
> http_port 127.0.0.1:8082 ssl-bump cert=/opt/squid/etc/certs/myCA.pem generate-host-certificates=on \
> dynamic_cert_mem_cache_size=4MB tls-dh=/opt/squid/etc/certs/dhparam.pem
> https_port 127.0.0.1:8083 ssl-bump intercept cert=/opt/squid/etc/certs/myCA.pem generate-host-certificates=on \
> dynamic_cert_mem_cache_size=4MB tls-dh=/opt/squid/etc/certs/dhparam.pem
> sslcrtd_program /opt/squid/libexec/ssl_crtd -s /var/squid/ssldb -M 4MB
>
> # SSL-Bump
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> ssl_bump splice localhost
> acl exclude_sites ssl::server_name_regex -i "/usr/local/etc/squid/doms.nobump"
> ssl_bump peek step1 all
> ssl_bump splice exclude_sites
> ssl_bump stare step2 all
> ssl_bump bump all
>
> Content of "/usr/local/etc/squid/doms.nobump" is:
>
> update\.microsoft\.com$
> update\.microsoft\.com\.akadns\.net$
>
> But every time I receive Error code: SSL_ERROR_RX_RECORD_TOO_LONG in Firefox browsers when I visit any website using https, like https://www.debian.org, https://www.redhat.com, etc. Some time ago, I set up the same config under OpenBSD and it all works OK.
>
> Where am I making the mistake?

This is hardly a mistake. Most probably this is a platform-specific non-Squid bug.

--
Bugs to the Future
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users