[squid-users] sslbump and cache_peer

From: Benjamin Fleckenstein <mail_at_benjaminfleckenstein.de>
Date: Wed, 12 May 2010 12:32:37 +0200


I'm trying to set up sslbump in combination with a parent proxy.

Here is a short drawing:

Client ---- my proxy (with sslbump) ---- parent proxy ---- internet

Unfortunately the parent proxy isn't able to handle the requests from my proxy and returns a "bad request" error message.

As soon as I activate sslbump, my proxy sends out the requests to the parent proxy in the form:

GET https://www.destination.com

The parent proxy isn't able to handle this as it cannot work as an ssl proxy. I also can't change the configuration of the parent proxies. So my proxy has to send out the request in the form:

CONNECT www.destination.com:443

and do the rest by itself. I couldn't find any hint how to configure this.

These are the appropriate sections of the configuration:

http_port 3128 sslBump cert=/etc/squid/bump.pem key=/etc/squid/bump.key
ssl_bump allow all
cache_peer parent1 parent 3128 0 no-query
cache_peer_access parent1 allow all
never_direct allow all
sslproxy_cert_error allow all

Any comment is highly appreciated!

Received on Wed May 12 2010 - 10:32:46 MDT
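
Added example, not part of the original message and not Squid project code: a small Python check over the directives quoted in the message that flags two security-relevant effects of this setup. These are bumped (decrypted) requests being forced to a parent whose cache_peer line has no ssl/tls option, and sslproxy_cert_error allow all accepting upstream certificate errors. The finding names and the parse/audit helpers are made up for this example.

```python
# Constructed sample: the directives quoted in the message above.
SAMPLE_CONF = """\
http_port 3128 sslBump cert=/etc/squid/bump.pem key=/etc/squid/bump.key
ssl_bump allow all
cache_peer parent1 parent 3128 0 no-query
cache_peer_access parent1 allow all
never_direct allow all
sslproxy_cert_error allow all
"""

# Hypothetical finding ids and descriptions (not Squid terminology).
FINDINGS = {
    "BUMPED_TO_PLAINTEXT_PEER":
        "decrypted HTTPS requests are forced to a parent over a hop without TLS",
    "CERT_ERRORS_IGNORED":
        "server certificate validation errors are accepted for every destination",
}

def parse(conf):
    """Return [(directive, [args])]; '#' starts a comment (simplified)."""
    out = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            out.append((name, args))
    return out

def audit(conf):
    """Return the list of finding ids that apply to a squid.conf text."""
    d = parse(conf)
    def allow_all(name):  # True if '<name> allow all' is configured
        return any(n == name and a[:2] == ["allow", "all"] for n, a in d)
    bump_port = any(n == "http_port" and
                    {x.lower() for x in a[1:]} & {"sslbump", "ssl-bump"}
                    for n, a in d)
    # cache_peer <host> parent <http-port> <icp-port> [options]; ssl/tls encrypts the hop
    plain_parents = [a[0] for n, a in d if n == "cache_peer"
                     and a[1:2] == ["parent"] and not {"ssl", "tls"} & set(a[4:])]
    found = []
    if bump_port and allow_all("ssl_bump") and allow_all("never_direct") and plain_parents:
        found.append("BUMPED_TO_PLAINTEXT_PEER")
    if allow_all("sslproxy_cert_error"):
        found.append("CERT_ERRORS_IGNORED")
    return found

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print(f, "-", FINDINGS[f])
```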
