Re: [squid-users] Using squid as transparent proxy causes problem with pages on https

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Wed, 11 Apr 2012 16:01:47 +0500

So whats the advantage of the ssl_bump feature left then if it cannot
act as an ssl endpoint. Does squid not support ssl end-point
termination?

-talha

On Wed, Apr 11, 2012 at 2:55 PM, Michał Wiącek <mwiacek_at_siodemka.com> wrote:
> Redirecting ssl connections not work - all ssl connection is like where to
> connect and encrypted message, so if you change where to connect proxy will
> not know where to send connection (there is a way to use many ports and that
> ports connect to specified host but this is messy).
> You can only change setting in browser - to use Proxy (and even set to http
> port, https port is only to secure trafic betwen your comp and gateway ,
> what is usually not needed).
>
> Mike
>
> -----Original Message-----
> From: Ahmed Talha Khan [mailto:auny87_at_gmail.com]
> Sent: Wednesday, April 11, 2012 11:31 AM
> To: squid-users_at_squid-cache.org
> Cc: Talha Khan
> Subject: [squid-users] Using squid as transparent proxy causes problem with
> pages on https
>
> Hey,
>
> I have configured squid to act as a transparent proxy. i also want to
> bump the ssl connections. However i am unable to open the https
> pages.The browser keeps going in loops and says that the page isnt
> redirecting properly(firefox) or has redirect-loops(chrome).
>
> I then removed the ssl-bump configuration from the http_port
> definition but the problem still persists.
>
> My setup is like this. I have 2 linux boxes, one acting as the default
> gateway of the other. I am running squid on the 2nd box. All ip-table
> entries are good as http traffic is going along smoothly.
>
> Can anybody help. My conf file looks like this
>
>
> cache_effective_user talha
> always_direct allow all
> ssl_bump allow all
>
>
>
> # Squid normally listens to port 3128
> http_port 192.168.8.105:3128 transparent ssl-bump
> cert=/home/talha/squid/www.sample.com.pem
> key=/home/talha/squid/www.sample.com.pem
> https_port 192.168.8.105:3129 transparent ssl-bump
> cert=/home/talha/squid/www.sample.com.pem
> key=/home/talha/squid/www.sample.com.pem
>
>
> Even removing the ssl-bump option does not solve the problem
>
>
>
>
>
> --
> Regards,
> -Ahmed Talha Khan
> 

-- 
Regards,
-Ahmed Talha Khan
Received on Wed Apr 11 2012 - 11:01:54 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 11 2012 - 12:00:03 MDT