Re: [squid-users] https could not access with ssl bump in squid 3.4

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 26 Feb 2014 19:36:28 +1300

On 2014-02-26 16:15, Jerry OELoo wrote:
> Hi All:
> I am new to Squid. I want to try its SSL Bump; please kindly check as
> below. Thanks in advance.
>
> Network topology:
>
> A, client, Windows7, IP: 10.64.12.100,
> B, Proxy server, Ubuntu, running Squid, IP: 10.64.12.101
>

Okay. However, that log snippet below says that the website your client
is trying to connect to is being hosted on 10.64.12.100 port 32843.

> kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
> local=10.64.12.101:3130 remote=10.64.12.100:32843 FD 12 flags=33: (92)
> Protocol not available

How is the interception being done?

> # Https Port
> https_port 3130 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/usr/local/etc/squidcert/certs/proxyCert.pem
> key=/usr/local/etc/squidcert/private/proxyKey.pem
>

This port configuration requires NAT interception.

Amos
Received on Wed Feb 26 2014 - 06:36:33 MST
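
The lookup behind the quoted error line, as an added example (not part of the original message and not Squid's own code): on Linux, a proxy listening on an `intercept` port asks netfilter for the pre-NAT destination with `getsockopt(SO_ORIGINAL_DST)`, and errno 92 is `ENOPROTOOPT`. The function names and diagnosis labels are assumptions of this example, and the sockaddr values in the demo are constructed.

```python
import errno
import socket
import struct

SO_ORIGINAL_DST = 80  # value from <linux/netfilter_ipv4.h>


def decode_original_dst(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)   # host byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr")
    (port,) = struct.unpack_from("!H", raw, 2)     # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Return the pre-NAT (ip, port) for conn, or the errno the kernel gave."""
    try:
        raw = conn.getsockopt(socket.IPPROTO_IP, SO_ORIGINAL_DST, 16)
    except OSError as exc:
        return exc.errno
    return decode_original_dst(raw)


def diagnose(result, local):
    """Map a lookup result to a label (labels are this example's own)."""
    if result == errno.ENOPROTOOPT:    # errno 92 on Linux, as in the log
        return "no-netfilter-handler"  # conntrack/NAT support not loaded
    if result == errno.ENOENT:
        return "connection-not-tracked"
    if isinstance(result, int):
        return "other-error"
    # Destination equals the proxy's own socket: nothing was redirected,
    # the client connected straight to the intercept port.
    return "direct-to-proxy" if result == local else "nat-intercepted"


if __name__ == "__main__":
    # Constructed demo: a loopback connection that no NAT rule touched.
    srv = socket.create_server(("127.0.0.1", 0))
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    print(diagnose(original_dst(conn), conn.getsockname()))
    for s in (conn, cli, srv):
        s.close()
```

Run on the proxy host, the demo shows which of the cases applies there before any client traffic is involved; only "nat-intercepted" corresponds to the NAT interception that an `intercept` port expects.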
