
Re: Squid works with ssl bump in intercept mode and root certificate in browser, but apps does not work

You have not stated which version of Squid you are using but my guess is that it is 3.5.x.

The Facebook app and other apps use port 443 but do not use HTTPS, and therefore Squid does not know how to bump it and consequently the app does not work.

What you need is the not yet stable Squid 4.0 and use the option
   on_unsupported_protocol tunnel all
so that the non-HTTPS protocols get through without being bumped.

Marcus


On 18/05/17 07:26, arun.xavier wrote:
I have configured squid with ssl-bump (intercept mode) and it works as
expected while accessing secure sites from browsers.

What I have done so far.

 - Configured squid.
 - Created a root & intermediate certificate for dynamic cert generation in
squid.
     Installed the same root certificate in mobile device (iPhone 6, iOS 10).
 - Every website works on chrome/safari.

But apps like Facebook and Twitter are not working (showing network error).

When checking cache log of squid, I found the below log.

Error negotiating SSL connection on FD 12: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)

It looks like initial CONNECT/Handshake is not working.

what I have changed in squid.conf
-----------------------------------------------------------------
acl localnet src 172.16.0.0/12
acl localnet src fe80::/10
acl allow localnet
ssl_bump bump all
always_direct allow all
http_port localhost:3128
http_port localhost:3129 intercept
https_port localhost:3130 intercept ssl-bump generate-host-certificates=on cert=/etc/squid/cert/cert.pem key=/etc/squid/cert/key.pem
strip_query_terms off
----------------------------------------------------------------

Any idea how to fix this? Or where to check? What might be my mistake?
PS:
I use squid to get logs of all internet traffic from mobile devices.
Overview of my intended system is like this:
SmartPhone---->VPN--->Squid--->Internet



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-works-with-ssl-bump-in-intercept-mode-and-root-certificate-in-browser-but-apps-does-not-work-tp4682451.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
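
The suggestion in the reply, written out as a Squid 4.x configuration (an added example, not a file posted by either participant). The ports, network ranges and certificate paths are copied from the question; the `http_access` lines, the `step1` peek rule and the ACL name `foreignProtocol` are assumptions added for illustration.

```conf
# Added example for Squid 4.x. Values marked "from the question" are the
# original poster's; everything else is an illustrative assumption.

# Client networks (from the question)
acl localnet src 172.16.0.0/12
acl localnet src fe80::/10

# Assumption: only the VPN clients may use the proxy
http_access allow localnet
http_access deny all

# Listening ports and signing certificate (from the question)
http_port localhost:3128
http_port localhost:3129 intercept
https_port localhost:3130 intercept ssl-bump generate-host-certificates=on cert=/etc/squid/cert/cert.pem key=/etc/squid/cert/key.pem

# Assumption: read the TLS ClientHello (SNI) first, then bump as before
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# Broad form, exactly as given in the reply:
#   on_unsupported_protocol tunnel all
#
# Narrower form: tunnel only connections that Squid could not parse as
# HTTP or TLS, and answer every other error with a normal error page.
acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG
on_unsupported_protocol tunnel foreignProtocol
on_unsupported_protocol respond all
```

Connections matched by a `tunnel` rule are relayed at TCP level without being decrypted or inspected, so a proxy deployed for traffic logging records no request detail for them.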
