It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).
# When I try to access an https: //
# With this setting:
# With this setting:
http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/etc/squid/ssl_cert/myCA.pem
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump none localhost
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump none localhost
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
# Cache.log reports this error:
assertion failed: PeerConnector.cc:116: "peer->use_ssl"
assertion failed: PeerConnector.cc:116: "peer->use_ssl"
# With this setting:
http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump none localhost
ssl_bump bump all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump none localhost
ssl_bump bump all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
# The browser designates that the connection is not private,
NET::ERR_CERT_AUTHORITY_INVALID
Is it necessary for the cache_peer to be compiled with --enable-ssl-crtd
and --with-openssl and configured with ssl_bump to be able to use ssl_bump on my
squid child server? Or there is a way to configure ssl_bump on the child only,
even if the parent does not.
Please help.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
