Re: [squid-users] cannot browse https sites

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 1 Feb 2008 09:43:28 +1300 (NZDT)

> Yogesh Patil wrote:
>> Hi,
>> I am using SQUID 2.6.STABLE17 with CentOS 5, & BIND
>> DNS SERVER configured on the same box. I have configured Squid as
>> a transparent proxy with all default settings, and applied an iptables
>> rule by using the following
>> command:
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>
>> I am able to browse http websites, but when I try to open https
>> sites, such as gmail.com, hotmail.com etc., I am not able to get any
>> response from the proxy.
>> I have also tried forwarding the 443 (https) port to the 3128
>> (squid) port, but still no success.
>>
> For transparently proxying HTTPS, I believe you will need to configure
> the "https_port 3129 cert=..." setting in squid.conf and configure
> iptables to redirect port 443 to 3129. Squid port 3128 isn't able to
> recognize the SSL protocol negotiation that occurs at the start of the
> connection when HTTPS is transparently proxied...

Squid 2.6 is also not capable of SSL interception. For that you will need
the SSLBump branch or Squid 3.1 when it's out.

Amos
Received on Thu Jan 31 2008 - 13:43:30 MST
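
Added example, not part of the original thread and not Squid's code: a first-bytes check illustrating the point quoted above, that a plain HTTP listener such as port 3128 receives an SSL/TLS handshake rather than an HTTP request line when port 443 is redirected to it. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Request-line prefixes a plain HTTP listener expects to see first.
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"TRACE ", b"CONNECT ")
TLS_MAX_RECORD = 2 ** 14 + 2048  # upper bound on a TLS record length field


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends after the TCP handshake."""
    if data.startswith(HTTP_METHODS):
        return "http-request"
    # SSLv3/TLS record: type 0x16 (handshake), major version 3, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        if 0 < record_len <= TLS_MAX_RECORD and data[5] == 0x01:
            return "tls-client-hello"
    # SSLv2-compatible hello: high bit set in the 2-byte length, type 0x01.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    return "unknown"


def plain_http_listener_can_parse(data: bytes) -> bool:
    """True only if a listener expecting an HTTP request line could parse it."""
    return classify_first_bytes(data) == "http-request"


# Constructed samples (not captured traffic).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0301") + b"\x00" * 41
SAMPLE_SSLV2 = bytes.fromhex("802e0103010015") + b"\x00" * 41

if __name__ == "__main__":
    for name, blob in [("port 80 redirect", SAMPLE_HTTP),
                       ("port 443 redirect (TLS)", SAMPLE_TLS),
                       ("port 443 redirect (SSLv2 hello)", SAMPLE_SSLV2)]:
        print(f"{name}: {classify_first_bytes(blob)}, "
              f"HTTP listener can parse: {plain_http_listener_can_parse(blob)}")
```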
