[squid-users] SSL Bump and NF getsockopt failed

Job Job at colliniconsulting.it
Fri Oct 2 11:31:43 UTC 2015


Hello,

I have enabled SSL Bump with certificates. I redirect port 443 to port 3129 of my Squid server, but HTTPS sites are not accessible anymore and I can see these errors in the logs:

ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.xxx

The section regarding SSL Bump in squid.conf is the following:

http_port 3128
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 16MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all

And https traffic, with NAT, goes out with any problems.

Where am I wrong?

Thank you!
Francesco

