[squid-users] Squid 3.5.17 SSL-Bump Step1

admin admin at tisiz72.ru
Mon May 16 10:47:55 UTC 2016


Amos Jeffries wrote 2016-05-16 13:34:

> Please upgrade to 3.5.19.

Upgrade to 3.5.19

>> acl blocked_https ssl::server_name  "/etc/squid/urls/block-url"
>> https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2
>> connection-auth=off cert=/etc/squid/squidCA.pem
>> acl step1 at_step SslBump1
>> ssl_bump peek step1
>> ssl_bump terminate blocked_https
>> 
>> It works.
> 
> Obviously not. There is no instruction what to do other than terminate.
> Squid is left to other circumstances to decide what is needed...

it works! :) if you have the opportunity to check on the virtual machine

>> But if I use
>> 
>> acl users_no_inet src "/etc/squid/ip-groups/no-inet"
>> http_access deny users_no_inet
> 
> ... you force bumping to happen in order to deliver the HTTP error message.
> 
> Try adding this rule above the peek (and the ACL line too):
> ssl_bump terminate users_no_inet

trying, no success :(

I just do not understand the reason for such behavior. Why is it that if
access is allowed everything works, but if HTTP access is denied, you must
first see a message stating that my certificate could not be matched, and
only then ERR_ACCESS_DENIED? Sorry for my English.