Re: [squid-users] https, sslbiump etc...

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 28 Aug 2012 22:50:18 +1200

On 28/08/2012 7:14 p.m., Babelo Gmvsdm wrote:
> Hi,
> I implemented https cache on my squid with sslbump, cert key etc... I don't use it in transparent mode because I want my users to be aware of this mechanism.

To leave your users aware of the problem, all you need to do is *not*
distribute your signing CA certificate to them. They will get the
untrusted cert message. This is true for both CONNECT bumping and native
port 443 bumping.

> It seems to work, but on some sites (live.com for instance) after accepting the self-signed cert, I get a blank page. The access log seems normal, and there is no error in the cache log.
>
> Any clue of what could happen?
> Other question, is there any way to prevent some SSL sites from being cached?

The "cache" access control list operates on everything regardless of how the
request was received or processed by Squid. Use "cache deny" lines to
specify what is not permitted to be cached. We don't yet have a specific
ACL way to identify just the bumped requests though.

Amos
Received on Tue Aug 28 2012 - 10:50:27 MDT
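
The "cache deny" approach from the reply above, as an added squid.conf example that is not part of the original message; the ACL name and the domains are constructed placeholders:

```conf
# Added example, not from the original thread.
# ACL name and domains below are placeholders; substitute your own sites.
# dstdomain matches the destination host of the request; a leading dot
# also covers subdomains.
acl no_cache_sites dstdomain .bank.example .webmail.example

# "cache" is evaluated for every request Squid handles, however it
# arrived, so this covers bumped HTTPS and plain HTTP alike. The sites
# are still proxied; their responses are just never stored.
cache deny no_cache_sites
```

Because there is no ACL that selects only bumped requests, a rule like this also stops caching of plain HTTP responses from the same domains.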
