[squid-users] cant bump ssl

HackXBack hack.back at hotmail.com
Tue Dec 15 19:46:56 UTC 2015

am using squid 3.5
why i cant bump ssl conection with android 
my squid conf is

# SSL_BUMP_WHITE_LIST = 0 [squid_ssl/build/48]
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1

# SNI Group fbcdn
acl SNIGroup5 ssl::server_name_regex -i fbcdn\.net
acl SNIGroup5 ssl::server_name_regex -i akamaihd\.net
acl SNIGroup5 ssl::server_name_regex -i i\.ytimg\.com
acl SNIGroup5 ssl::server_name_regex -i facebook\.com

# 1 BUMP rules...
ssl_bump bump ssl_step2 SNIGroup5
# 1 Splice rules...
ssl_bump splice all

sslproxy_version 0
sslproxy_options ALL
sslproxy_cert_error allow all

#-------- Wont push the client to use udp 443 or udp 80
reply_header_access alternate-protocol deny all
#--------- Wont push the client to use HSTS sent by the web site
reply_header_access Strict-Transport-Security deny all

# Squid normally listens to port 3128
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/myCA.pem
http_port  3129
http_port  3128 intercept

sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db/certs/ -M 16MB
sslcrtd_children 50 startup=40 idle=1

in access.log i see TAG_NONE

View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/cant-bump-ssl-tp4675201.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list