[squid-users] cant bump ssl
HackXBack
hack.back at hotmail.com
Tue Dec 15 19:46:56 UTC 2015
hello,
am using squid 3.5
why i cant bump ssl conection with android
my squid conf is
# SSL_BUMP_WHITE_LIST = 0 [squid_ssl/build/48]
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
# SNI Group fbcdn
acl SNIGroup5 ssl::server_name_regex -i fbcdn\.net
acl SNIGroup5 ssl::server_name_regex -i akamaihd\.net
acl SNIGroup5 ssl::server_name_regex -i i\.ytimg\.com
acl SNIGroup5 ssl::server_name_regex -i facebook\.com
# 1 BUMP rules...
ssl_bump bump ssl_step2 SNIGroup5
# 1 Splice rules...
ssl_bump splice all
sslproxy_version 0
sslproxy_options ALL
sslproxy_cert_error allow all
#-------- Wont push the client to use udp 443 or udp 80
reply_header_access alternate-protocol deny all
#--------- Wont push the client to use HSTS sent by the web site
reply_header_access Strict-Transport-Security deny all
# Squid normally listens to port 3128
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl_cert/myCA.pem
http_port 3129
http_port 3128 intercept
sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db/certs/ -M 16MB
sslcrtd_children 50 startup=40 idle=1
in access.log i see TAG_NONE
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/cant-bump-ssl-tp4675201.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list