Re: [squid-users] ssl-bump mode

From: Alex Rousskov <>
Date: Mon, 07 Oct 2013 09:19:00 -0600

On 10/07/2013 03:29 AM, Jury Bogdanov wrote:
> Hello. I have some problems with ssl-bump mode. Can you help me, please?
> My configuration:

> https_port transparent ssl-bump
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> cert=/home/mut/squid.pem key=/home/mut/squid.key
> acl vk dstdomain
> ssl_bump server-first vk
> http_access deny vk all

> But I can open

Perhaps Squid does not receive HTTPS traffic at all? Check access.log
while requesting

When you open, do you see Squid CA certificate or the
well-known Root CA certificate? If it is the former, then Squid bumped
the connection (but allowed the request). If it is the latter, then
Squid did not bump the connection (see above regarding determining
whether Squid received the connection in the first place).


Received on Mon Oct 07 2013 - 15:19:31 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 07 2013 - 12:00:08 MDT