[squid-users] on_unsupported_protocol doesn't work for bumped https connections
Tarik Demirci
tarik at tarikdemirci.com
Fri Nov 13 09:00:40 UTC 2015
Hi,
Did anyone try on_unsupported_protocol for bumped https connections? I
made a simple test with netcat but the test failed. The same test is
successful for port 80 (also intercepted by squid).
Netcat Server --- Squid Box --- Client
On Client:
echo "aaaa" | nc 10.50.13.1 443
***
On Netcat Server:
nc -kl 443
***
On Squid Box:
squid.conf:
https_port 8443 intercept ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek step1 all
ssl_bump bump step2 all
on_unsupported_protocol tunnel all
access.log:
1447235165.673 9 10.41.0.100 NONE/200 0 CONNECT 10.50.13.1:443 - HIER_NONE/- -
--
Tarık Demirci
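
Added example, not part of the original post or of Squid: a small parser for the native access.log format that picks out the symptom shown above, a CONNECT entry with 0 bytes and HIER_NONE that is never followed by a forwarded request from the same client. The 5-second window and all sample lines except the first are assumptions constructed for illustration.

```python
from typing import Iterable, List, NamedTuple, Optional

class Entry(NamedTuple):
    ts: float
    client: str
    result: str
    size: int
    method: str
    url: str
    hierarchy: str

def parse_line(line: str) -> Optional[Entry]:
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        return Entry(float(f[0]), f[2], f[3].split("/")[0], int(f[4]),
                     f[5], f[6], f[8].split("/")[0])
    except ValueError:
        return None

def unforwarded_connects(lines: Iterable[str], window: float = 5.0) -> List[Entry]:
    """Zero-byte HIER_NONE CONNECT entries with no entry from the same client
    reaching an upstream within `window` seconds (heuristic, assumed window)."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    flagged = []
    for e in entries:
        if not (e.method == "CONNECT" and e.size == 0 and e.hierarchy == "HIER_NONE"):
            continue
        forwarded = any(o.client == e.client and o.hierarchy != "HIER_NONE"
                        and 0 <= o.ts - e.ts <= window for o in entries)
        if not forwarded:
            flagged.append(e)
    return flagged

SAMPLE = [
    # Log line from the post.
    "1447235165.673 9 10.41.0.100 NONE/200 0 CONNECT 10.50.13.1:443 - HIER_NONE/- -",
    # Constructed: a peeked connection that is then bumped and forwarded.
    "1447235170.100 12 10.41.0.101 NONE/200 0 CONNECT 10.50.13.2:443 - HIER_NONE/- -",
    "1447235170.350 85 10.41.0.101 TCP_MISS/200 1530 GET https://example.test/ - ORIGINAL_DST/10.50.13.2 text/html",
    # Constructed: truncated line, skipped by the parser.
    "1447235171.000 3 10.41.0.102 NONE/200",
]

if __name__ == "__main__":
    for e in unforwarded_connects(SAMPLE):
        print(f"{e.ts:.3f} {e.client} -> {e.url}: no upstream contacted")
```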