[squid-users] Is there a way on client to show proxy's certificate?
GeorgeShen
g2011828 at hotmail.com
Mon Dec 23 06:26:26 UTC 2019
>this is http port, speaking http. This is not a https port, so you can't
>speak https to it. The difference between 3128 and 3129 is, when you issue
>CONNECT request to 3129, squid tries to communicate using SSL as if it was
>the destination server (or, whatever you configure in ssl_bump options).
>if you want to talk to squid on port 443, you must configure https_port.
because I'm doing the explicit proxy for https on this proxy server. if I
configure
"https_port 3129 ssl-bump ...", then I get this error when doing the https
proxy:
2019/12/22 22:07:15| FATAL: ssl-bump on https_port requires tproxy/intercept
which is missing.
so this to me means, i can only configure https_port if I'm using the
intercept method, which I'm not.
Or is there a way to listern to the https_port with explicit proxy?
>>BTW, the https/TLS bump through this server works. when using the openssl
>>s_client, get this result,
>>(it says "no peer certificate available"):
>this looks to me more like failure of setting up SSL protocol.
>I really wonder something SSL related works at all.
>you should check with:
>
>openssl s_client -proxy 192.168.1.35:3129 -connect <host:port> -showcerts
>
>on both squid ports to see the difference.
The above command works for me, but I only get the certs from the real host,
not the proxy server itself.
thanks.
George
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list