I have tried to enable safe searching with Squid 3.5.7 using ssl-bump splice but when I enable it, browsing to https://google.com generates a Squid error page saying there is no valid certificate. Browsing to all other https sites loads the pages correctly and all other SSL-bump sites get bumped and displayed correctly.
Has anyone had any luck getting this to work? Here are the relevant squid.conf entries:

acl s1_tls_connect at_step SslBump1
acl s2_tls_client_hello at_step SslBump2
acl s3_tls_server_hello at_step SslBump3
acl tls_server_name_is_ip ssl::server_name_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n
acl google ssl::server_name .google.com
ssl_bump peek s1_tls_connect all
acl nobumpSites ssl::server_name .wellsfargo.com
ssl_bump splice s2_tls_client_hello nobumpSites
ssl_bump splice s2_tls_client_hello google
ssl_bump stare s2_tls_client_hello all
ssl_bump bump s3_tls_server_hello all
cache_peer forcesafesearch.google.com parent 443 0 ssl name=GS originserver no-query no-netdb-exchange no-digest
acl search dstdomain .google.com
cache_peer_access GS allow search
cache_peer_access GS deny all
sslproxy_cert_error allow tls_server_name_is_ip
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER

Squid is in intercept mode, if that makes any difference.

Regards,
Stan