Hey, I'm not sure I understand the scenario and the issue. >From the wiki page you quoted: - https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit I understand you are trying to intercept ssl connections but it's not clear if any traffic is being intercepted or not. If possible provide the: - OS and distribution - "squid -v" output - some of the access.log that might provide more details on if the traffic is passing or not thru the proxy - if linux then iptables rules - if possible the whole squid.conf (remove or obscure any private details) Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of L A Walsh Sent: Thursday, November 29, 2018 19:44 To: squid-users@xxxxxxxxxxxxxxx Subject: how to go from connect/tunnel in squid4 ->GET I had a version of this working in squid3.x, but it didn't work for some sites and didn't work well with a newer Opera, but did ok with an older FF-clone. I bumped to squid4 a few months ago, but stil haven't gotten to the point where I can see and cache individual requests and following config examples @ https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit, I'm feeling rather clueless as to what I'm missing. If someone could throw a few hints/clueballs my way I'd really appreciate knowing what I'm doing wrong. My port line looks like (it's all 1 line). http_port ishtar.sc.tlinx.org:8118 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB tls-cert=/etc/squid/ssl_cert/myCA.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=secp521r1,/etc/squid/ssl_cert/dhparam-4096.pem myCA.pem contains both private+public sigs. I generated a separate dhparam file, but don't know if I was supposed to include the curve type in the generation command or if it only uses that later. I pre-generated the cert dir and it seems to be running, but I don't see any certs appearing in the dir Looking at squid w/ps, I see: root 56805 1 0 04:28 ? 00:00:00 /usr/sbin/squid squid 56807 56805 42 04:28 ? 00:00:03 (squid-1) --kid squid-1 squid 56809 56807 0 04:28 ? 00:00:00 (security_file_certgen) -s /var/cache/squid/lib/ssl_db -M 64MB squid 56810 56807 0 04:28 ? 00:00:00 (security_file_certgen) -s /var/cache/squid/lib/ssl_db -M 64MB squid 56811 56807 0 04:28 ? 00:00:00 (security_file_certgen) -s /var/cache/squid/lib/ssl_db -M 64MB squid 56812 56807 0 04:28 ? 00:00:00 (security_file_certgen) -s /var/cache/squid/lib/ssl_db -M 64MB squid 56813 56807 0 04:28 ? 00:00:00 (security_file_certgen) -s /var/cache/squid/lib/ssl_db -M 64MB squid 56814 56807 0 04:28 ? 00:00:00 (logfile-daemon) /var/log/squid/access.log squid 56815 56807 0 04:28 ? 00:00:00 (pinger) Any ideas where I might be missing things? I can decomment and send the active lines from the config file if that would help. Thanks for any pointers... _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
