Re: [squid-users] The method for SSL Mitm Proxying without browser warnings

From: Amos Jeffries
Date: Thu, 16 Dec 2010 00:37:45 +1300

On 15/12/10 23:58, Alex Crow wrote:
> On 15/12/10 07:11, Oguz Yilmaz wrote:
>>>> Squid conf param:
>>>> https_port 8443 cert=/etc/squid/certs/sslfilter.crt
>>>> key=/etc/squid/certs/sslfilter.key protocol=https accel vhost
>>>> The way I have created the certificate and key:
> I think that config is incorrect. From the SSL Bump Wiki page
> (

He is trying to do this the illegal way with MITM on native port 443
HTTPS traffic flow.

ssl-bump only works with CONNECT where the browser has delegated the SSL
tunnel setup to Squid. Ssl-bump then MITMs the key handshake with a cert
created from the tunnel hostname:port provided by the browser.

  you are going to have to create a wildcard cert for the '.' root zone
or each of the 240-odd TLDs and cc-TLDs.


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for
Received on Wed Dec 15 2010 - 11:37:52 MST
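
The distinction drawn in the message above, shown on the first bytes a client sends. This is an added example, not part of the original message and not Squid's code; the function name, return values and sample inputs are constructed for illustration. A CONNECT request names the tunnel hostname:port, while a connection intercepted on native port 443 opens with a TLS handshake record and names nothing at the proxy layer.

```python
import re

# Added illustration; names and return values are hypothetical, not Squid's.
CONNECT_LINE = re.compile(rb"^CONNECT +(\S+) +HTTP/1\.[01]\r\n")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")


def tunnel_target(first_bytes: bytes):
    """Return (kind, host, port) for the first bytes a client sends.

    kind is "connect" when the browser delegated tunnel setup with a
    CONNECT request, "raw-tls" when the stream starts with a TLS
    handshake record, "bad-connect" for a CONNECT whose target is not a
    usable hostname:port, and "other" for anything else.
    """
    m = CONNECT_LINE.match(first_bytes)
    if m:
        authority = m.group(1).decode("ascii", "replace")
        host, sep, port = authority.rpartition(":")
        # Refuse a missing or out-of-range port rather than guessing one.
        if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
            return ("bad-connect", None, None)
        # Only accept well-formed DNS names (or dotted IPv4) as a name
        # that a generated certificate could carry.
        if len(host) > 253 or not HOSTNAME.match(host):
            return ("bad-connect", None, None)
        return ("connect", host.lower(), int(port))
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return ("raw-tls", None, None)
    return ("other", None, None)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
        b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x01",
        b"CONNECT bad_host!:443 HTTP/1.1\r\n\r\n",
    ]
    for s in samples:
        print(tunnel_target(s))
```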
