On 01.11.2012 04:49, Heinrich Hirtzel wrote:
> Hi Eliezer
>
>> what iptables rules have you used?
>> also you better use squid 3.2 for ssl-bump.
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 81 -j REDIRECT --to-port 3128
> iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 443
>
>> also you better use squid 3.2 for ssl-bump.
> K, will try that. Stay tuned :-)
>
>> take a look at:
>> http://wiki.squid-cache.org/Features/SslBump
>> and
>> http://wiki.squid-cache.org/Features/DynamicSslCert
>
> I've read through them at least 10 times (I'm not kidding) and
> tried various different configurations without finding any solution.
> Maybe I simply missed something :-/
>
> Do I need to compile squid with '--enable-ssl-crtd' or is
> '--enable-ssl' enough?

For HTTPS interception, ssl-crtd is better. The server-first feature and
certificate-mimic are even better.
Squid-3.3, which has these, is needed for anything close to useful HTTPS
port 443 interception.

Amos
Received on Wed Oct 31 2012 - 23:10:16 MDT
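
A squid.conf fragment for the setup recommended in the reply above (Squid 3.3 built with ssl-crtd, bumping with server-first), added here as an example; it is not configuration posted in the thread or shipped by the Squid project. The listening ports, file paths and CA file name are assumptions to adapt to the local install.

```conf
# Build-time requirement (the question in the thread): both flags are needed
# for dynamically generated certificates on Squid 3.x:
#   ./configure --enable-ssl --enable-ssl-crtd

# Intercepted plain HTTP arrives here via the REDIRECT rule.
# Port 3128 is the port used in the thread's first iptables rule.
http_port 3128 intercept

# Intercepted HTTPS needs its own https_port with ssl-bump enabled.
# Port 3129 is an assumed value; the REDIRECT rule for --dport 443 must
# point at whatever port is configured here.
# cert= is the local signing CA (certificate and key in one PEM file,
# assumed path). Clients must trust this CA, and the key must be readable
# only by the squid user.
https_port 3129 intercept ssl-bump \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB \
    cert=/etc/squid/ssl_cert/myCA.pem

# Certificate generation helper built by --enable-ssl-crtd.
# Helper path and database directory are assumed. The database has to be
# initialised once before squid starts:
#   /usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

# server-first (Squid 3.3): connect to the origin server before answering
# the client, so the generated certificate can mimic the real one.
ssl_bump server-first all
```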