[squid-users] Certificate error using using squid with tproxy configuration

Ben Goz ben.goz87 at gmail.com
Thu Jun 15 13:27:47 UTC 2023


By the help of God

The https interception guide in this link:
https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#squid-configuration-file

is misleading as it uses http_port for ssl-bump and not https_port.




‫בתאריך יום ה׳, 15 ביוני 2023 ב-16:08 מאת ‪Alex Rousskov‬‏ <‪
rousskov at measurement-factory.com‬‏>:‬

> On 6/15/23 07:31, Ben Goz wrote:
>
> > the tproxy configuration works perfectly using http without ssl,
> > But using ssl I'm getting in browser ssl error "ERR_SSL_PROTOCOL_ERROR"
>
>
> > http_port 0.0.0.0:3130 tproxy ...
>
> This http_port is for plain text HTTP interception. The configuration
> needs an https_port (note the "s") dedicated to TLS interception instead.
>
>
> > TPROXY     tcp  --  anywhere             anywhere             tcp
> > dpt:https TPROXY redirect 0.0.0.0:3130 mark 0x1/0x1
>
> The above rule should redirect traffic to that https_port.
>
>
> HTH,
>
> Alex.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230615/959a6873/attachment.htm>


More information about the squid-users mailing list