Hi there!
I want to configure a transparent proxy for HTTP and SSL. HTTP works
pretty well, but I'm stuck with SSL even if I use the ssl-bump feature.
Right now, it almost works if I use 2 different ports for the http_port
& https_port:
http_port 3129 transparent
https_port 3130 ssl-bump cert=/etc/squid/ssl_cert/partproxy01-test.pem key=/etc/squid/ssl_cert/private/partproxy01-key-test.pem
HTTP is OK. I get the warning about a probable man-in-the-middle attack
when I tried to access an SSL web site. I just added an exception, and
I get an error: Invalid URL
In the logs, I found:
1322820580.454 0 10.194.2.63 NONE/400 3625 GET /pki - NONE/- text/html
when I tried to access https://www.switch.ch/pki
Apparently, Squid cuts the URL and removes the host.domain part…
When I tried to use the CONNECT method and ssl-bump on http_port, I get an
error in the browser: “ssl_error_rx_record_too_long” or
“ERR_SSL_PROTOCOL_ERROR”
Any clues?
Many Thanks
Ludovic
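
A way to pick entries like the one in the post out of a Squid native-format access.log: requests answered with status 400 whose URL field is a bare path with no scheme or host, counted per client. This is an added example, not part of the original message; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[^/\s]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

def parse(line):
    """Return the fields of one access.log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def is_hostless_400(entry):
    """True for a 400 reply to a request whose URL is a bare path."""
    if entry is None or entry["status"] != "400":
        return False
    if entry["method"] == "CONNECT":  # CONNECT carries host:port, not a URL
        return False
    return entry["url"].startswith("/")

def hostless_400_by_client(lines):
    """Count host-less 400 entries per client address, skipping bad lines."""
    hits = Counter()
    for line in lines:
        entry = parse(line)
        if is_hostless_400(entry):
            hits[entry["client"]] += 1
    return hits

SAMPLE = [
    # Line from the post
    "1322820580.454 0 10.194.2.63 NONE/400 3625 GET /pki - NONE/- text/html",
    # Constructed lines
    "1322820581.120 85 10.194.2.63 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html",
    "1322820582.300 12 10.194.2.70 TCP_MISS/200 3900 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -",
    "1322820583.001 0 10.194.2.70 NONE/400 3625 GET /login - NONE/- text/html",
    "garbage line",
]

if __name__ == "__main__":
    for client, count in hostless_400_by_client(SAMPLE).items():
        print(client, count)
```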
This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST