Stefan Reible wrote:
> Hi,
>
> I want to use https with the viralator (http is working).
> I'm prerouting Port 80 to Port 3128 for http.
>
> Is there an option like https_port in my version?
>
> Now I want to set following option in squid.conf:
>
> http_port 3128 sslBump
> cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem
> key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Passphrase.pem
>
>
> but I get:
>
> squid1 ~ # squid -D
> FATAL: Bungled squid.conf line 9: http_port 3128 sslBump
> cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem
> key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Pp.pem
> Squid Cache (Version 3.0.STABLE19): Terminated abnormally
>
> The squid should run in transparent mode.
>
_Which_ 'transparent' mode?

* WPAD transparent configuration
* Domain policy transparent configuration
* NAT interception
* TPROXY interception
* transparent HTTP traffic relay
* transparent authentication (single-sign-on)
* transparent encoding crypto.

I know it sounds like I'm being pedantic, but the specific meaning does
matter with Squid.

> Thank you very much for viralator support, it's very nice ;)
>
> Stefan
>
Some factums worth knowing:

* 3.0 does not support sslBump or any other form of HTTPS
  man-in-middle attacks. 3.1 is required for that.
* sslBump in 3.1 requires that the client machines all have a CA
  certificate installed to make them trust the proxy for decryption.
* sslBump requires clients to be configured for using the proxy. (Some
  of the 'transparent' above work this way, some do not.)

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
  Current Beta Squid 3.1.0.18

Received on Wed Mar 24 2010 - 04:31:21 MDT
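
Added example, not part of the original thread or of the Squid project: a pre-flight check that reads `squid -v` output and reports whether the installed build can accept an SSL-bumping http_port line at all, following the version requirement stated in the reply above. The function name `sslbump_check`, the verdict strings and the sample input are constructed here; that the build must also list `--enable-ssl` (or `--with-openssl` on later releases) among its configure options is an assumption about how Squid is compiled, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for an SSL-bump
# http_port line. Reads `squid -v` text on stdin and prints one verdict:
#   ok <ver> | too-old <ver> | no-ssl <ver> | unknown
# Real use:  squid -v | sslbump_check      (function name is hypothetical)
sslbump_check() {
    ver="" opts=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"Version "*)
                ver=${line##*Version }
                ver=${ver%%[!0-9A-Za-z.]*} ;;   # drop trailing "):" and the like
            "configure options:"*)
                opts=${line#"configure options:"} ;;
        esac
    done
    case $ver in *.*) ;; *) echo "unknown"; return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) echo "unknown"; return 2 ;; esac
    done
    # Per the reply above: 3.0 cannot bump, 3.1 is required.
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 1 ]; }; then
        echo "too-old $ver"; return 1
    fi
    # Assumption: cert=/key= on http_port also needs an SSL-enabled build.
    opts=$(printf '%s' "$opts" | tr -d "'\"")
    case " $opts " in
        *" --enable-ssl "*|*" --with-openssl "*|*" --with-openssl="*)
            echo "ok $ver"; return 0 ;;
    esac
    echo "no-ssl $ver"; return 1
}

# Constructed sample input, modelled on the version in the question.
printf '%s\n' "Squid Cache: Version 3.0.STABLE19" \
    "configure options:  '--prefix=/usr' '--enable-ssl'" | sslbump_check || true
```

A verdict of "ok" only means the directive can be parsed; the client-side CA certificate and proxy configuration requirements from the reply still apply.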