On 23.02.22 21:09, Dave Blanchard wrote:
OK--I solved the problem by removing the "ssl_bump bump all" line. Works fine now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure.
configuring proxy is very easy, bumping SSL is not.
Since SSL is designed to encrypt traffic between ende - client (browser) and
server, you need to effectively do man-in-the-middle attack on proxied
connection.
You need to create certificate authority, install it in your browser (OS),
insert your certificate on squid and hope that your browser won't reject
your authority because of DANE DNS records telling browser that remote
server's certificate should be only signed by their certificate
authority, not by yours.
Especially when browser uses DNS-over-HTTP to avoid your DNS server that is
able to provide incorrect data to it.
It seems like 90% of the tutorials out there are junk, largely because
things keep changing from version to version, obsoleting them.
unfortunately, this exactly happens.
That having been said,
it does have a lot of features and when it's eventually configured right
it does work, so there's that. It's a lot like CUPS, in that way, or
sendmail.
Please add more concrete examples to the Wiki reference pages! Thank you.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users