[squid-users] It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).

yuriang yuriang at ltu.sld.cu
Mon May 22 14:14:07 UTC 2017


Is it possible to use SSL_bump on my squid server 3.5.23 if my parent cache (cache_peer) does not use ssl_bump (not configured)?

# When I try to access an https://
# With this setting:

http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump none localhost
ssl_bump server-first all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all

# Cache.log reports this error:
assertion failed: PeerConnector.cc:116: "peer->use_ssl"

# With this setting:
http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
ssl_bump none localhost
ssl_bump bump all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all

# The browser designates that the connection is not private, NET::ERR_CERT_AUTHORITY_INVALID

Is it necessary for the cache_peer to be compiled with --enable-ssl-crtd and --with-openssl and configured with ssl_bump to be able to use ssl_bump on my squid child server? Or is there a way to configure ssl_bump on the child only, even if the parent does not?

Please help.

