On 10/31/2012 5:33 PM, Heinrich Hirtzel wrote:
Hello
For a school project I'm trying to intercept SSL connections by using Squid (client
-> squid (transparent) -> server).
I'm running Squid 3.1.20 on Ubuntu server 12.10 (64 bit) using the following
configuration:
*************************************
http_port 10.0.1.1.:3128 intercept
https_port 10.0.1.1.:443 ssl-bump cert=/user/local/squid3/ssl_cert/myCA.pm
If i remeber right you shoudl use http and not https
acl our_networks src 10.0.1.0/24
http_access allow our_networks
forwarded_for off
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
*************************************
what iptables rules have you used?
also you better use squid 3.2 for ssl-bump.
what were you reading about ssl-bump?
take a look at:
http://wiki.squid-cache.org/Features/SslBump
and
http://wiki.squid-cache.org/Features/DynamicSslCert
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
