On 10/31/2012 5:33 PM, Heinrich Hirtzel wrote:
> Hello
>
> For a school project I'm trying to intercept SSL connections by using Squid (client -> squid (transparent) -> server).
> I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the following configuration:
>
> *************************************
> http_port 10.0.1.1.:3128 intercept
> https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
If I remember right you should use http and not https
>
> acl our_networks src 10.0.1.0/24
> http_access allow our_networks
> forwarded_for off
> ssl_bump allow all
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
> *************************************
What iptables rules have you used?
Also, you better use squid 3.2 for ssl-bump.
What were you reading about ssl-bump?
Take a look at:
http://wiki.squid-cache.org/Features/SslBump
and
http://wiki.squid-cache.org/Features/DynamicSslCert
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Received on Wed Oct 31 2012 - 15:40:53 MDT