On 14/06/18 07:44, Antony Stone wrote: > On Wednesday 13 June 2018 at 21:28:27, baretomas wrote: > >> The calls from the application is done using ssl / https by telling java to >> use Squid as a proxy (-Dhttps.proxyHost and -Dhttp.proxyHost). > > Okay, but... > >> http_port 3128 ssl-bump generate-host-certificates=on >> dynamic_cert_mem_cache_size=4MB >> cert=/cygdrive/c/squid/etc/squid/proxyCAx.pem >> key=/cygdrive/c/squid/etc/squid/proxyCA.pem > >> # certificate generation program >> sslcrtd_program /cygdrive/c/squid/lib/squid/ssl_crtd -s >> /cygdrive/c/squid/var/cache/squid_ssldb -M 4MB > >> acl step1 at_step SslBump1 >> >> ssl_bump peek step1 >> ssl_bump bump all > > Surely all this peeking and bumping is only needed if you're running Squid in > interception mode, Not quite. SSL-Bump is interception of the TLS layer. Regular / forward / explicit proxies use it to decrypt the CONNECT messages transporting HTTPS traffic through tunnels. > whereas you've said that you've configured your Java > application to explicitly use Squid as a proxy? > The proxy port and SSL-Bump config is consistent with a SSL-Bumping forward proxy. I suspect the -Dhttp.proxyHost is probably the Java apps equivalent to the Linux http_proxy environment variables we are more familiar with seeing applications use to connect to that type of proxy. > > Have you tried your Squid configuration with a plain browser, configured to use > the proxy, with (a) a few random websites, and (b) the specific resource you're > trying to access from your Java application, to see whether it is actually > working as a caching proxy? > Good idea. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
