[squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)

From: Ict Security <ict.security.job_at_gmail.com>
Date: Wed, 16 Apr 2014 16:15:49 +0200

 Hello to everybody,

we use Squid for http transparent proxyging and everything is all right.

I followed some howtos and we add SSL Bump transparent interception.

In squid.conf i have:

http_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/lib/squid/ssl_db -M 4MB
sslcrtd_children 30

and in iptables i added this directive:

 -A PREROUTING -p tcp -s 192.168.10.8 --dport 443 -j DNAT
--to-destination 192.168.10.254:3127

HTTP surfing is still right, but when i connect, as example, to
https://www.google.com browser returns page error and i have these
log:

2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58831 FD 15 flags=33:
(92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58832 FD 15 flags=33:
(92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58833 FD 15 flags=33:
(92) Protocol not available

I read some similar post but i did not apply, and find, the solution.

Thank you a log and best regards!

Francesco
Received on Wed Apr 16 2014 - 14:15:57 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 17 2014 - 12:00:09 MDT