On 15/12/10 23:58, Alex Crow wrote:
> On 15/12/10 07:11, Oguz Yilmaz wrote:
>>
>>>> Squid conf param:
>>>> https_port 8443 cert=/etc/squid/certs/sslfilter.crt
>>>> key=/etc/squid/certs/sslfilter.key protocol=https accel vhost
>>>> defaultsite=google.com
>>>>
>>>> The way I have created the certificate and key:
>>>>
>>>>
>
> I think that config is incorrect. From the SSL Bump Wiki page
> (http://wiki.squid-cache.org/Features/SslBump)

He is trying to do this the illegal way with MITM on native port 443
HTTPS traffic flow.

ssl-bump only works with CONNECT where the browser has delegated the SSL
tunnel setup to Squid. Ssl-bump then MITMs the key handshake with a cert
created from the tunnel hostname:port provided by the browser.

Oguz:
you are going to have to create a wildcard cert for the '.' root zone
or each of the 240-odd TLDs and cc-TLDs.

Amos
-- 
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.9
  Beta testers wanted for 3.2.0.3

Received on Wed Dec 15 2010 - 11:37:52 MST