[squid-users] Squid and SSL interception (ssl-bump)

From: Heinrich Hirtzel <heinrichhirtzel99_at_hotmail.com>
Date: Wed, 31 Oct 2012 16:33:54 +0100

Hello

For a school project I'm trying to intercept SSL connections by using Squid (client -> squid (transparent) -> server).
I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the following configuration:

*************************************
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm

acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
*************************************

I've compiled Squid with SSL support (--enable-ssl). When starting Squid I
do not get any error message. Also, proxying HTTP traffic works without
any problems.

However, when I try to establish an HTTPS session
through Squid, the client retrieves the SSL certificate from Squid, but
after accepting it the browser displays an error message from Squid that
the URL is invalid:

"The following error was encountered while trying to retrieve the URL: /.

Invalid URL"

In the Squid access.log I see the following line:
"<timestamp> 0 10.0.1.5 NONE/440 3503 GET / - NONE/- text/html"

It appears that Squid strips away the hostname / domain name of the
URL the client tries to access, which causes the error message mentioned
above.

I've already spent hours trying to find a solution for this
problem and went through dozens of tutorials; unfortunately, I wasn't
able to find a solution so far.

Any ideas what could be wrong?

Regards,
Heinrich
Received on Wed Oct 31 2012 - 15:34:01 MDT
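
Added example, not part of the original post and not Squid's own code: a small audit of the configuration quoted in the message. It flags that `sslproxy_cert_error allow all` and `sslproxy_flags DONT_VERIFY_PEER` switch off Squid's checking of the origin server's certificate while `ssl-bump` replaces that certificate on the client side. The function names and messages are made up for this example.

```python
import re

# The directives from the post above, copied verbatim as sample input.
POSTED_CONF = """\
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm

acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""

def directives(conf):
    """Yield (line_no, name, args) for every non-blank, non-comment line."""
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield no, name, args

def audit(conf):
    """Return (line_no, message) findings; line_no 0 marks the summary."""
    findings, bump_port, bump_rule = [], False, False
    for no, name, args in directives(conf):
        if name in ("http_port", "https_port") and "ssl-bump" in args:
            bump_port = True
        elif name == "ssl_bump" and args[:1] == ["allow"]:
            bump_rule = True
        elif name == "sslproxy_flags":
            # Tolerate several flags joined by ':' or ','.
            if "DONT_VERIFY_PEER" in re.split(r"[:,\s]+", " ".join(args)):
                findings.append((no, "origin certificate is never verified"))
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((no, "every certificate validation error is accepted"))
    if findings and bump_port and bump_rule:
        findings.append((0, "ssl-bump is on, so clients only ever see the "
                            "proxy's certificate and cannot notice a bad origin"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(POSTED_CONF):
        print(f"line {no}: {msg}" if no else f"summary: {msg}")
```

Running it on the posted configuration reports both directives and the summary; with the two `sslproxy_*` lines removed it reports nothing.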
