[squid-users] on_unsupported_protocol doesn't work for bumped https connections

Tarik Demirci tarik at tarikdemirci.com
Fri Nov 13 09:00:40 UTC 2015

Did anyone try on_unsupported_protocol for bumped https connections? I
made a simple test with netcat but the test failed. The same test is
successful for port 80 (also intercepted by squid).

Netcat Server  --- Squid Box --- Client

On Client:
echo "aaaa" | nc 443


On Netcat Server:
nc -kl 443


On Squid Box:

https_port 8443 intercept ssl-bump \
  cert=/etc/squid/ssl_cert/myCA.pem \
  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek step1 all
ssl_bump bump step2 all
on_unsupported_protocol tunnel all

1447235165.673      9 NONE/200 0 CONNECT -

Tarık Demirci
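
Added illustration, not part of the original post and not Squid's code: a minimal check of whether the first bytes a client sends look like a TLS ClientHello, applied to the "aaaa" probe used in the test above. It assumes a peeking proxy must recognise a ClientHello in those bytes; the function name and the sample byte strings are constructed for this example.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_MAJOR = 0x03          # record-layer major version for SSL 3.0 / TLS 1.x
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14  # maximum plaintext record length


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-client-hello', 'not-tls' or 'need-more-data' (hypothetical helper)."""
    # Reject as early as possible: one wrong byte is enough to rule out TLS.
    if len(data) >= 1 and data[0] != TLS_HANDSHAKE:
        return "not-tls"
    if len(data) >= 2 and data[1] != TLS_MAJOR:
        return "not-tls"
    # 5-byte record header plus the first handshake byte are needed to decide.
    if len(data) < 6:
        return "need-more-data"
    _ctype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    if length == 0 or length > MAX_RECORD_LEN:
        return "not-tls"
    if data[5] != CLIENT_HELLO:
        return "not-tls"
    return "tls-client-hello"


# Constructed samples.
PROBE = b"aaaa\n"  # what `echo "aaaa" | nc ...` puts on the wire
HTTP = b"GET / HTTP/1.1\r\n"
HELLO_PREFIX = bytes.fromhex("16030100c8010000c40303")  # start of a ClientHello
PARTIAL = b"\x16\x03"  # first segment too short to decide

if __name__ == "__main__":
    for name, sample in [("probe", PROBE), ("http", HTTP),
                         ("hello", HELLO_PREFIX), ("partial", PARTIAL)]:
        print(f"{name:8s} {classify_first_bytes(sample)}")
```
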