[squid-users] Transparent HTTP Proxy and SSL-BUMP feature

From: Maret Ludovic <Ludovic.Maret_at_heig-vd.ch>
Date: Fri, 2 Dec 2011 12:02:36 +0000

Hi there !

I want to configure a transparent proxy for HTTP and SSL. HTTP works
pretty well but i'm stuck with SSL even if i use the ssl-bump feature.

Right now, it almost works if i use 2 differents ports for the http_port
& https_port :

http_port 3129 transparent
https_port 3130 ssl-bump cert=/etc/squid/ssl_cert/partproxy01-test.pem
key=/etc/squid/ssl_cert/private/partproxy01-key-test.pem

HTTP is ok, i get the warning about a probable man-in-the-middle attack
when i tried to access a SSL web site. I did just add an exception. And
i get an error : Invalid URL

In the logs, i found :

1322820580.454 0 10.194.2.63 NONE/400 3625 GET /pki – NONE/- text/html

When i tried to access https://www.switch.ch/pki
Apparently, squid cut the URL and remove the host.domain part…

When i tried to use CONNECT method and ssl-bump on http_port. I get an
error in the browser “ssl_error_rx_record_too_long” or
“ERR_SSL_PROTOCOL_ERROR”

Any clues ?

Many Thanks

Ludovic

Received on Fri Dec 02 2011 - 12:02:44 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST