Re: [squid-users] Issues with ssl-bump in 3.HEAD

From: Amos Jeffries <>
Date: Fri, 13 Jun 2014 18:00:36 +1200

> On 6/12/2014 6:04 PM, Eliezer Croitoru wrote:
>> On 06/13/2014 01:04 AM, Mike wrote:
>>> So I re-add it for testing:
>>> http_port 3128

NP: forward-proxy traffic no bumping....

>>> http_port 3129 intercept ssl-bump... blah blah

... and port 80 intercepted traffic and bumping CONNECT requests...

  ... CONNECT is not a valid method in port 80 traffic.

Thus Eliezer says:

>> You cannot use this and the cache.log will tell you that...
>> Try to setup the server like this:
>> http_port 3128

NP: forward-proxy traffic no bumping....

>> http_port 13129 intercept

... and port 80 intercepted traffic

>> https_port 13130 intercept ssl-bump ...

... and port 443 intercepted traffic having its TLS bumped.

>> With just basic settings.
>> And still it looks like a look so what are the iptables rules you are
>> using?

On 13/06/2014 2:36 p.m., Mike wrote:
> So then next question is how do I know for sure ssl-bump is working?

You will see https:// URLs logged in access.log as the bumped traffic
gets served. When its fails you will get only CONNECT requests in
access.log, maybe also TLS/SSL errors in cache.log.

> So
> far all the certificates match the servers, and I am able to use acls
> like 'acl blacklist1 dstdom_regex -i "/etc/blacklists/dom_bl"' to block
> domains, even if it is a secure site... but overall I have not figured
> out how to tell if ssl-bump is actually working or not.

dstdom* ACLs results can vary depending on whether rDNS is known to
Squid. If you want to use ACLs to test working ssl-bump you need to use
some detail such as path which is fully encrypted and requires the bump
to have succeeded to even test. Easier is to eyeball the access.log
contents though.

Received on Fri Jun 13 2014 - 06:00:58 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 13 2014 - 12:00:06 MDT