On Sun, 14 Feb 2010 18:30:34 -0600, Andres Salazar <ndrsslzr80_at_gmail.com>
wrote:
> Hello,
>
> I am trying to configure SSLbump so that I can use squid in transparent
> mode and redirect with iptables/pf port 443 and 80 to squid.
>
> When using https_port (based on some mailing lists) it says that isn't
> recognized.
> I also tried to use
>
> http_port 3129 transparent sslBump
> cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
>
Kill that http_port = SslBump only bumps CONNECT requests in regular port
80 traffic.
And CONNECT requests are illegal unless explicitly talking to a proxy.
Passing port 443 there will only result in dropped connections and maybe
logged warnings about garbage (encrypted data) arriving from a client.
To intercept HTTPS you do need to be on an https_port.
Your squid needs to be built with SSL support.
> and
>
> http_port 3129 sslBump cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
>
> But then I receive this error:
>
> FATAL: Bungled squid.conf line 38: http_port 3129 transparent sslBump
> cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
"key=cert=" ??
Amos
Received on Mon Feb 15 2010 - 00:59:23 MST
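
The two points raised in the reply above can be checked mechanically before squid is restarted. The following is an added example, not part of the original thread and not Squid's own parser: a small Python check over `http_port`/`https_port` lines that flags a doubled option prefix such as `key=cert=` and the combination of `transparent` with `sslBump` on an `http_port`. The function name `lint_port_lines` and the sample text are assumptions made for illustration.

```python
import re

# An option whose value begins with a second "name=" prefix, e.g. key=cert=/path
DOUBLED = re.compile(r"^([A-Za-z_-]+)=([A-Za-z_-]+)=(.*)$")

def lint_port_lines(conf_text):
    """Return a list of (line_number, message) for http_port/https_port lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        tokens = line.split()
        if not tokens or tokens[0] not in ("http_port", "https_port"):
            continue
        directive, options = tokens[0], tokens[2:]  # tokens[1] is the port
        flags = {o.lower() for o in options if "=" not in o}
        for opt in options:
            m = DOUBLED.match(opt)
            if m:
                findings.append((lineno,
                    f"malformed option '{m.group(1)}={m.group(2)}=': "
                    f"expected '{m.group(1)}={m.group(3)}'"))
        # Per the reply: SslBump on http_port only bumps CONNECT requests,
        # and CONNECT is not valid unless the client talks to a proxy explicitly.
        if directive == "http_port" and {"transparent", "sslbump"} <= flags:
            findings.append((lineno,
                "sslBump on a transparent http_port only bumps CONNECT "
                "requests, which are not valid in intercepted traffic"))
    return findings

# Constructed sample: the two directives quoted in the thread, each joined
# onto a single line as it would appear in squid.conf.
SAMPLE = """\
http_port 3129 transparent sslBump cert=/usr/local/squid/etc/server.crt key=cert=/usr/local/squid/etc/server.key
http_port 3129 sslBump cert=/usr/local/squid/etc/server.crt key=cert=/usr/local/squid/etc/server.key
"""

if __name__ == "__main__":
    for lineno, msg in lint_port_lines(SAMPLE):
        print(f"line {lineno}: {msg}")
```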