[squid-users] SSLBUMP Issue with SSL websites

From: Muhammad Shehata <m.shehata_at_tedata.net>
Date: Tue, 10 Jul 2012 06:55:53 +0000

Dears,
Hope you are all doing well.
Actually, I was following the replies on the squid-users mailing list about sslbump issues where some websites, like https://gmail.com and https://facebook.com, show up without images or CSS style sheets, as I have the same issue in Squid version 3.1.19. I know that when sslbump is enabled it intercepts the CONNECT method and modifies it to be a GET method, so I used a broken_sites ACL to exclude them. However, I see that the method is CONNECT for those excluded websites, not GET as for all other bumped sites, but it is still the same result:
1341837646.893 45801 x.x.x.x TCP_MISS/200 62017 CONNECT twitter.com:443 - DIRECT/199.59.150.7

acl broken_sites dstdomain .twitter.com
acl broken_sites dstdomain .facebook.com
ssl_bump deny broken_sites
ssl_bump allow all
http_port 192.168.0.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=40MB cert=/etc/pki/tls/certs/sslintercept.crt key=/etc/pki/tls/certs/sslintercept.key
Received on Tue Jul 10 2012 - 06:56:48 MDT
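
Added example, not part of the original message and not Squid's own code: a small checker that reads native-format access.log lines and lists the HTTPS hosts that the broken_sites dstdomain entries above do not cover, which is one way to see which hosts are still subject to "ssl_bump allow all". It assumes the default native log format, that bumped requests appear as GET with an https:// URL as the post describes, and the labels "connect", "decrypted" and "plain" are names chosen here; apart from the first log line, the sample entries are constructed.

```python
from urllib.parse import urlsplit

# dstdomain values copied from the squid.conf excerpt in the post.
BROKEN_SITES = [".twitter.com", ".facebook.com"]

# First line is the log entry from the post; the other two are constructed.
SAMPLE_LOG = """\
1341837646.893 45801 x.x.x.x TCP_MISS/200 62017 CONNECT twitter.com:443 - DIRECT/199.59.150.7
1341837647.210 310 x.x.x.x TCP_MISS/200 4096 GET https://static.example.net/site.css - DIRECT/192.0.2.10 text/css
1341837647.955 120 x.x.x.x TCP_MISS/200 900 CONNECT img.example.org:443 - DIRECT/192.0.2.20
"""

def dstdomain_match(host, patterns):
    """dstdomain semantics: a leading dot matches the domain itself and
    every subdomain; without the dot only the exact name matches."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        pat = pat.lower()
        if pat.startswith("."):
            if host == pat[1:] or host.endswith(pat):
                return True
        elif host == pat:
            return True
    return False

def classify(line, patterns=BROKEN_SITES):
    """Return (host, kind, in_acl) for one native-format log line."""
    fields = line.split()
    method, url = fields[5], fields[6]
    if method == "CONNECT":
        host, kind = url.rsplit(":", 1)[0], "connect"   # logged as host:port
    else:
        host = urlsplit(url).hostname or ""
        kind = "decrypted" if url.lower().startswith("https://") else "plain"
    return host, kind, dstdomain_match(host, patterns)

def outside_acl(log_text, patterns=BROKEN_SITES):
    """HTTPS hosts in the log that 'ssl_bump deny broken_sites' does not cover."""
    hosts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        host, kind, in_acl = classify(line, patterns)
        if kind != "plain" and not in_acl and host not in hosts:
            hosts.append(host)
    return hosts

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(classify(entry))
    print("not covered by broken_sites:", outside_acl(SAMPLE_LOG))
```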
