[squid-users] squid 3.2.0.17 + transparent + sslbump

From: Daniel Niasoff <daniel.niasoff_at_intelliworkspace.com>
Date: Mon, 16 Apr 2012 16:43:37 +0000

Hi

I know this question has been asked before but I didn't quite comprehend the answer.

I have got squid working as an explicit SSL proxy using SSLbump with Dynamic SSL certs.

I have also managed to get it working as a transparent proxy.

When I try the combination of the above 2 it doesn't seem to work.

It seems to be rewriting my https requests to http. Also, dynamic SSL certs don't seem to be working. However, squid definitely intercepts the request, so it seems like the NAT bit is fine.

When I browse a website that's listening on 443 only I get "Zero Sized Reply" and when I browse a website that's listening on both 80/443 it works sometimes but the certificate is wrong.

This person seems to have it working

http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/

and I am pretty much copying his config.

Here is my relevant config

---------------------------------------------------------------
http_port 3128 transparent
https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem

always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
--------------------------------------------------------------

Thanks

Daniel
Received on Mon Apr 16 2012 - 16:43:42 MDT
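
Added example, not part of the original message and not Squid project code: a small Python audit of a squid.conf fragment that lists the ssl-bump ports and flags the two directives the config comment above calls unsafe. With those set, Squid does not validate the origin server's certificate, and the client only ever sees the proxy-generated one. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the directives quoted in the message above.
SAMPLE_CONF = """\
http_port 3128 transparent
https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""

def parse(text):
    """Yield (lineno, directive, args) for each non-comment, non-blank line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield n, name, args

def audit(text):
    """Return (bump_ports, findings) for a squid.conf fragment."""
    bump_ports, findings = [], []
    for n, name, args in parse(text):
        if name in ("http_port", "https_port") and "ssl-bump" in args:
            port = int(args[0].rsplit(":", 1)[-1])  # accepts "3129" or "ip:3129"
            intercepted = bool({"transparent", "intercept"} & set(args))
            bump_ports.append((port, name, intercepted))
        elif name == "sslproxy_flags":
            # Tolerate either ',' or ':' between flags (assumption).
            flags = set(re.split(r"[,:]", ",".join(args)))
            if "DONT_VERIFY_PEER" in flags:
                findings.append((n, "origin server certificates are not verified"))
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((n, "every certificate validation error is accepted"))
    return bump_ports, findings

if __name__ == "__main__":
    ports, findings = audit(SAMPLE_CONF)
    for port, directive, intercepted in ports:
        print(f"{directive} {port}: ssl-bump, intercepted={intercepted}")
    for n, msg in findings:
        print(f"line {n}: {msg}")
```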
