[squid-users] Squid proxy with ssl-bump - unrecognized: 'ssl-bump' error

Mohammed al-jakry mohammedjk89 at gmail.com
Fri Apr 14 13:17:11 UTC 2017




Dears, 

Thanks for adding me to the list…


I would like to install Squid proxy with SSL bump. I am working on my virtual lab, and once everything is OK I will test it on the real network. I already created a directory for the cert and generated the cert as below:
#Generate Private Key
openssl genrsa -out MSY.com.private 2048  

# Create Certificate Signing Request
openssl req -new -key MSY.com.private -out MSY.com.csr

# Sign Certificate
openssl x509 -req -days 3652 -in MSY.com.csr -signkey MSY.com.private -out MSY.com.cert
# Generate certificate cache
/usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db
# Change ownership of the certificate cache
chown squid: /var/lib/ssl_db
Then I filled in the info and set the 'Common Name' to something other than the domain or server_name. In addition, please find below the lines from the Squid configuration file:
# Squid listen Port
http_port 3128  
ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/MSY.com.private cert=/etc/squid/MSY.com.cert  
# SSL Bump Config
always_direct allow all  
ssl_bump server-first all  
sslproxy_cert_error deny all  
sslproxy_flags DONT_VERIFY_PEER  
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 
It's not working with the SSL bump configuration; it works only when I remove the SSL bump configuration, but for sure without the SSL certificate.
Also, I checked journalctl -xe and found the error below:
/etc/squid/squid.conf:3 unrecognized: 'ssl-bump'
Any ideas?


Regards
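
Added example, not part of the original post: the journalctl error names line 3 of squid.conf, where ssl-bump starts a line of its own, and ssl-bump, generate-host-certificates=, dynamic_cert_mem_cache_size=, cert= and key= are options of the http_port directive rather than directives. This Python sketch flags such option-only lines; the function names, the trailing-backslash continuation handling and the two corrected variants are assumptions of the example.

```python
import re

# http_port options that appear in the post. Squid treats the first word of
# each config line as a directive name, so none of these may start a line.
PORT_OPTION = re.compile(
    r"ssl-bump$|generate-host-certificates=|dynamic_cert_mem_cache_size=|cert=|key=")

def logical_lines(text):
    """Yield (first_line_no, line), joining lines that end in a backslash."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def orphaned_port_options(text):
    """Return (line_no, token, previous_directive) for each option-only line."""
    findings, prev = [], None
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if PORT_OPTION.match(first):
            findings.append((n, first, prev))
        else:
            prev = first
    return findings

# First lines of squid.conf as posted (the error names line 3).
POSTED = """# Squid listen Port
http_port 3128
ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/MSY.com.private cert=/etc/squid/MSY.com.cert
ssl_bump server-first all
"""
# Constructed variants: options kept on the http_port line, directly or via "\".
ONE_LINE = "http_port 3128 ssl-bump generate-host-certificates=on cert=/etc/squid/MSY.com.cert\n"
CONTINUED = "http_port 3128 \\\nssl-bump generate-host-certificates=on cert=/etc/squid/MSY.com.cert\n"

if __name__ == "__main__":
    for n, token, prev in orphaned_port_options(POSTED):
        print(f"line {n}: '{token}' is an option of {prev}, not a directive")
```

The ssl_bump directive (with an underscore) on the following line is a real directive and is not flagged; only the hyphenated http_port option is.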