[squid-users] SSL Bump and "protocol not available"

From: Ict Security <ict.security.job_at_gmail.com>
Date: Tue, 22 Apr 2014 09:21:18 +0200

Hello to everybody,

we use Squid for HTTP transparent proxying and everything is all right.

I followed some howtos and we added SSL Bump transparent interception.

In squid.conf I have:

https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/lib/squid/ssl_db -M 4MB
sslcrtd_children 30

and in iptables I added this directive:

-A PREROUTING -p tcp -s 192.168.10.8 --dport 443 -j DNAT --to-destination 192.168.10.254:3127

HTTP surfing is still fine, but when I connect, for example, to
https://www.google.com the browser returns a page error and I have these
log lines:

2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58831 FD 15 flags=33:
(92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58832 FD 15 flags=33:
(92) Protocol not available
2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
local=192.168.10.254:3127 remote=192.168.10.8:58833 FD 15 flags=33:
(92) Protocol not available

I read some similar posts but I did not find, or apply, the solution.

Thank you a lot and best regards!

Francesco
Received on Tue Apr 22 2014 - 07:21:27 MDT
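The error in the log is the kernel refusing the SO_ORIGINAL_DST lookup that Squid's intercept mode performs on every accepted connection to recover the pre-DNAT destination. On Linux, errno 92 is ENOPROTOOPT: no getsockopt handler for that option is registered, which is what you get when the netfilter conntrack code that implements the lookup is not active on the host running the process. The following small C program, added here as an illustration and not part of the post or of Squid, performs the same lookup Squid does so you can test it on the proxy box itself: it listens on a port (3127 by default, matching the https_port above), accepts one connection and reports either the original destination or the specific errno. The SO_ORIGINAL_DST value (80) is taken from linux/netfilter_ipv4.h; the fallback define is only there so the file builds without kernel headers.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Value from <linux/netfilter_ipv4.h>; defined here so the file builds
 * even where the kernel UAPI headers are not installed. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

/* Ask the kernel for the pre-DNAT destination of an accepted TCP connection,
 * exactly as an intercepting proxy does. Returns 0 and fills *orig on
 * success, or -errno on failure. */
int lookup_original_dst(int fd, struct sockaddr_in *orig) {
    socklen_t len = sizeof(*orig);
    memset(orig, 0, sizeof(*orig));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, orig, &len) < 0)
        return -errno;
    return 0;
}

/* Map the errno from a failed lookup to the thing to check next. */
const char *explain_original_dst_error(int err) {
    switch (err) {
    case ENOPROTOOPT:
        return "ENOPROTOOPT: no SO_ORIGINAL_DST handler registered on this host; "
               "the conntrack/NAT code is not active here (the lookup only works "
               "on the box that performed the DNAT)";
    case ENOENT:
        return "ENOENT: conntrack is active but has no entry for this flow; "
               "the connection was not NATed on this host";
    case EBADF:
        return "EBADF: not an open socket";
    default:
        return "unexpected errno from SO_ORIGINAL_DST lookup";
    }
}

/* Stand-alone demo: listen, accept one connection, report the lookup result.
 * Usage: ./origdst [port]   (then point a DNATed client, or `nc`, at it). */
int main(int argc, char **argv) {
    int port = argc > 1 ? atoi(argv[1]) : 3127;   /* https_port from the post */
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int one = 1;
    struct sockaddr_in addr, orig;
    char buf[INET_ADDRSTRLEN];

    if (ls < 0) { perror("socket"); return 1; }
    setsockopt(ls, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons((unsigned short)port);
    if (bind(ls, (struct sockaddr *)&addr, sizeof(addr)) < 0 || listen(ls, 1) < 0) {
        perror("bind/listen");
        return 1;
    }
    printf("listening on port %d, waiting for one connection\n", port);

    int fd = accept(ls, NULL, NULL);
    if (fd < 0) { perror("accept"); return 1; }

    int rc = lookup_original_dst(fd, &orig);
    if (rc == 0) {
        inet_ntop(AF_INET, &orig.sin_addr, buf, sizeof(buf));
        printf("original destination: %s:%u\n", buf, ntohs(orig.sin_port));
    } else {
        printf("SO_ORIGINAL_DST failed: (%d) %s\n  -> %s\n",
               -rc, strerror(-rc), explain_original_dst_error(-rc));
    }
    close(fd);
    close(ls);
    return rc == 0 ? 0 : 2;
}
```

Run it on the Squid host while a client's port-443 traffic is redirected to it: a printed original destination means the kernel can answer Squid's lookup and the problem lies elsewhere; the "(92) ENOPROTOOPT" branch reproduces the log line and points at the conntrack/NAT side, while ENOENT tells you conntrack is present but the flow was not NATed on this machine.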
