On 10/07/2013 03:29 AM, Jury Bogdanov wrote:
> Hello. I have some problems with ssl-bump mode. Can you help me, please?
> My configuration:
> https_port 192.168.56.100:3130 transparent ssl-bump
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> cert=/home/mut/squid.pem key=/home/mut/squid.key
> acl vk dstdomain .vk.com
> ssl_bump server-first vk
> http_access deny vk all
> But I can open https://vk.com
Perhaps Squid does not receive HTTPS traffic at all? Check access.log
while requesting https://vk.com
When you open https://vk.com, do you see Squid CA certificate or the
well-known Root CA certificate? If it is the former, then Squid bumped
the connection (but allowed the request). If it is the latter, then
Squid did not bump the connection (see above regarding determining
whether Squid received the connection in the first place).
HTH,
Alex.
Received on Mon Oct 07 2013 - 15:19:31 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 07 2013 - 12:00:08 MDT