
Re: Trying to set up SSL cache - solved!

On 23.02.22 21:09, Dave Blanchard wrote:
OK--I solved the problem by removing the "ssl_bump bump all" line. Works fine now.

Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure.

Configuring a proxy is very easy, bumping SSL is not.

Since SSL is designed to encrypt traffic between the ends - the client (browser) and the server - you need to effectively do a man-in-the-middle attack on the proxied connection.

You need to create a certificate authority, install it in your browser (OS), insert your certificate on squid and hope that your browser won't reject your authority because of DANE DNS records telling the browser that the remote server's certificate should only be signed by their certificate authority, not by yours.

Especially when the browser uses DNS-over-HTTP to avoid your DNS server, which is able to provide incorrect data to it.

It seems like 90% of the tutorials out there are junk, largely because things keep changing from version to version, obsoleting them.

Unfortunately, this is exactly what happens.

That having been said, it does have a lot of features and when it's eventually configured right it does work, so there's that. It's a lot like CUPS, in that way, or sendmail.

Please add more concrete examples to the Wiki reference pages! Thank you.

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
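
Added example, not part of the original post or of Squid: a local walk-through of why a certificate minted by your own CA can chain correctly once that CA is installed and still fail a DANE check. It assumes the `openssl` CLI, constructed names (`www.example.test`, `Local Proxy CA`), and a TLSA record of the "3 1 1" form (SHA-256 of the server's public key), which is a related case to the CA constraint mentioned in the reply.

```shell
#!/bin/sh
# Constructed demo: every key, name and certificate below is generated locally.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# SHA-256 over the certificate's SubjectPublicKeyInfo: the data in a TLSA "3 1 1" record.
spki_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Stand-in for the certificate the real server presents (self-signed for brevity).
make_origin_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
        -keyout "$WORK/origin.key" -out "$WORK/origin.pem" 2>/dev/null
}

# The local certificate authority created for the proxy.
make_proxy_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Local Proxy CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Certificate for the same host name issued by the local CA, as a bumping proxy presents it.
make_bumped_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$WORK/bumped.key" -out "$WORK/bumped.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/bumped.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/bumped.pem" 2>/dev/null
}

# Chain check: does certificate $2 verify against trust anchor $1?
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# DANE-style check: does certificate $2 carry the public key pinned by hash $1?
tlsa_matches() { [ "$(spki_sha256 "$2")" = "$1" ]; }

make_origin_cert; make_proxy_ca; make_bumped_cert
TLSA=$(spki_sha256 "$WORK/origin.pem")   # what the site owner would publish in DNS
echo "published TLSA 3 1 1: $TLSA"
if chains_to "$WORK/ca.pem" "$WORK/bumped.pem"; then
    echo "bumped cert: chains to the local CA (accepted once that CA is installed)"
fi
if tlsa_matches "$TLSA" "$WORK/bumped.pem"; then
    echo "bumped cert: matches TLSA"
else
    echo "bumped cert: TLSA mismatch, a DANE-validating client would reject it"
fi
```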


