I've been banging my head on this one for a while. I am setting up parental controls on my network using squidguard. I have a raspberry pi running squid 4.6 and the router has a policy that sends all web traffic from my children's computers to squid.
Everything works correctly for HTTP connections but I cannot get HTTPS to stop bumping. I want to splice all HTTPS connections in order to filter with squidguard but I do not want to ever bump (because it causes browser errors in chrome for a lot of sites).
I've tried many, many different settings and I always get traffic bumped. Here is an example:
http_port 3128 intercept
https_port 3129 intercept tls-cert=/etc/squid/ssl_cert/myCA.pem tls-key=/etc/squid/ssl_cert/myCA.pem
...
ssl_bump peek step1
ssl_bump peek step2
ssl_bump splice step2
I've tried setting debug_options to 9 but cannot see anything useful in the logs to indicate why it is not splicing. I always just see the full set of request headers in the logs for HTTPS connections, indicating that the connection is bumped.
One thing I did notice is that the ssl logformat options do not work. I get errors like this on restart:
FATAL: Can't parse configuration token: '%ssl::>sni'
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
