This is the snippet of what we use to SSL bump browser CONNECT requests which have proxy settings explicitly set to use Squid (only selected sites are bumped).
<skip>
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/opt/quintolabs/qlproxy/myca.pem
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB
always_direct allow all
acl qlproxy_https_exclusions dstdomain "/etc/opt/quintolabs/qlproxy/squid/https_exclusions.conf"
acl qlproxy_https_targets dstdomain "/etc/opt/quintolabs/qlproxy/squid/https_targets.conf"
ssl_bump none localhost
ssl_bump server-first qlproxy_https_targets
ssl_bump none all
<skip>
P.S. Ubuntu 13, Debian 7 x64 with adjusted Squid compilation --enable-ssl --enable-ssl-crtd
-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Friday, November 22, 2013 2:40 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] anyOne who has working ssl_bump configuration for facebook ???
On 23/11/2013 2:22 a.m., Víctor Fernández Martínez wrote:
> Hi,
>
> I use the ssl_bump and Facebook works flawlessly.
>
> - Did you import the ssl_bump root CA certificate into the client
> you're using to browse those websites?
> - Which kind of certificate errors do you get? Which browser are you using?
>
And which of the 8 different configurations of ssl-bump are you using?
i.e. provide your squid.conf snippets please.
Amos
Received on Fri Nov 22 2013 - 17:18:23 MST
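The order of the ssl_bump lines in the squid.conf snippet above decides which CONNECT requests are intercepted. As an added example (not part of the original post and not Squid code), this Python sketch evaluates that order with first-match-wins and Squid's dstdomain leading-dot matching, so the interception scope can be reviewed before deployment. The TARGETS entries, client addresses and function names are constructed assumptions, since the page does not show the contents of https_targets.conf.

```python
"""Model of the ssl_bump rule order from the squid.conf snippet (added example)."""

# Constructed sample entries; the real https_targets.conf is not shown on the page.
TARGETS = [".facebook.com", "mail.example.org"]

# Assumption: "localhost" is Squid's built-in src ACL for loopback addresses.
LOCALHOST = {"127.0.0.1", "::1"}


def dstdomain_match(host, entries):
    """Squid dstdomain matching: '.example.com' matches the domain and every
    subdomain; 'example.com' without the dot matches only that exact name."""
    host = host.lower().rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


# Same order as in the snippet: the first rule whose ACL matches decides.
RULES = [
    ("none", lambda src, host: src in LOCALHOST),
    ("server-first", lambda src, host: dstdomain_match(host, TARGETS)),
    ("none", lambda src, host: True),
]


def ssl_bump_action(src, host):
    """Return the ssl_bump mode applied to a CONNECT from src to host."""
    for action, acl in RULES:
        if acl(src, host):
            return action
    return "none"


def audit(requests):
    """Map each (src, host) pair to its action, for reviewing interception scope."""
    return {(src, host): ssl_bump_action(src, host) for src, host in requests}


if __name__ == "__main__":
    sample = [("10.0.0.5", "www.facebook.com"), ("10.0.0.5", "notfacebook.com"),
              ("127.0.0.1", "www.facebook.com"), ("10.0.0.5", "www.mail.example.org")]
    for key, action in audit(sample).items():
        print(key, "->", action)
```

The sketch does not model what Squid does when the CONNECT target is an IP literal rather than a hostname.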