Re: [squid-users] SSLBump, help to configure for 3.1.0.16

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 15 Feb 2010 13:59:20 +1300

On Sun, 14 Feb 2010 18:30:34 -0600, Andres Salazar <ndrsslzr80_at_gmail.com>
wrote:
> Hello,
>
> I am trying to configure SSLbump so that I can use squid in transparent
> mode and redirect with iptables/pf port 443 and 80 to squid.
>
> When using https_port (based on some mailing lists) it says that isn't
> recognized.
> I also tried to use
>
> http_port 3129 transparent sslBump
> cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
>

Kill that http_port. SslBump only bumps CONNECT requests in regular port
80 traffic.
And CONNECT requests are illegal unless explicitly talking to a proxy.
Passing port 443 there will only result in dropped connections and maybe
logged warnings about garbage (encrypted data) arriving from a client.

To intercept HTTPS you do need to be on an https_port.
Your squid needs to be built with SSL support.

> and
>
> http_port 3129 sslBump cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
>
> But then I receive this error:
>
> FATAL: Bungled squid.conf line 38: http_port 3129 transparent sslBump
> cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key

 "key=cert=" ??

Amos
Received on Mon Feb 15 2010 - 00:59:23 MST
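
Added example, not part of the original message or of Squid itself: a small squid.conf check for the two problems raised in the reply above, a doubled option prefix such as "key=cert=" and sslBump on an intercepting http_port. The function names and the sample config are constructed for illustration; treating "intercept" and "ssl-bump" as alternative spellings of the flags in the thread is an assumption of this example.

```python
import re

# Constructed sample: line 1 joins the directive quoted in the thread onto one line.
SAMPLE_CONF = """\
http_port 3129 transparent sslBump cert=/usr/local/squid/etc/server.crt key=cert=/usr/local/squid/etc/server.key
http_port 3128   # plain forward-proxy port
"""

# Flags that mark a port as receiving redirected (iptables/pf) traffic.
INTERCEPT_FLAGS = {"transparent", "intercept"}


def lint_port_line(line):
    """Return a list of findings for one http_port/https_port directive."""
    tokens = line.split()
    if not tokens or tokens[0] not in ("http_port", "https_port"):
        return []
    directive, options = tokens[0], tokens[2:]
    # Bare flags, normalised so sslBump and ssl-bump compare equal.
    flags = {o.lower().replace("-", "") for o in options if "=" not in o}
    findings = []
    for opt in options:
        name, sep, value = opt.partition("=")
        # A value that itself starts with "name=" is a doubled prefix.
        if sep and re.match(r"[A-Za-z][\w-]*=", value):
            findings.append(f"malformed option {opt!r}: value starts with another 'name='")
    if directive == "http_port" and "sslbump" in flags and flags & INTERCEPT_FLAGS:
        findings.append(
            "sslBump on an intercepting http_port only bumps CONNECT requests; "
            "redirected port 443 traffic needs an https_port"
        )
    return findings


def lint_conf(text):
    """Lint every line of a squid.conf string; returns (line_number, finding) pairs."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop trailing comments
        results.extend((lineno, finding) for finding in lint_port_line(line))
    return results


if __name__ == "__main__":
    for lineno, finding in lint_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```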
