[squid-users] R: R: R: Problem with Squid 3.4 and transparent SSL proxy
Amos Jeffries
squid3 at treenet.co.nz
Fri Nov 14 00:19:57 UTC 2014
On 14/11/2014 11:16 a.m., Job wrote:
> Hello Amos, thank you!
>
> I solved with this configuration:
>
> http_port 3128
> http_port 192.168.10.254:3129 intercept
> https_port 192.168.10.254:3130 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH options=NO_SSLv2
>
> as you told me to find Peter G.'s thread! Now it works well, I
> think.
Yay. Now I am interested in finding out exactly why NAT fails with
the port-only config. What OS are you using? and have you done
anything special regarding IPv4/IPv6 to it?
>
> Just a question: can both transparent and explicit proxy
> coexist with interception and ssl bump? Or do I have to duplicate
> the configurations of host and ports in squid.conf?
Yes. ssl-bump only occurs when there is TLS/SSL to decrypt. That is
separate from the traffic syntax/mode.
Amos