[squid-users] RE: SSLBUMP Issue with SSL websites

From: Muhammad Shehata <m.shehata_at_tedata.net>
Date: Thu, 12 Jul 2012 08:47:09 +0000

Dears,
Is there anyone can help me in the mentioned error
________________________________________
From: Muhammad Shehata
Sent: Tuesday, July 10, 2012 8:55 AM
To: squid-users_at_squid-cache.org
Cc: squid3_at_treenet.co.nz
Subject: SSLBUMP Issue with SSL websites

Dears,
hope you all are doing well
    actually I was following the replies on squid users-mail-list about sslbump issues with showing up some websites inline without images or css style sheet
like https://gmail.com and https://facebook.com as I have same issue in version squid 3.1.19, I know that when sslbump is enabled it intercept the CONNECT method and modify it to be GET method that when I used broken sites acl to exclude them however I see that the method is CONNECT for those excluded website not Get as all other bumped sites but it still the same result
1341837646.893 45801 x.x.x.x TCP_MISS/200 62017 CONNECT twitter.com:443 - DIRECT/199.59.150.7

acl broken_sites dstdomain .twitter.com
acl broken_sites dstdomain .facebook.com
ssl_bump deny broken_sites
ssl_bump allow all
http_port 192.168.0.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=40MB cert=/etc/pki/tls/certs/sslintercept.crt key=/etc/pki/tls/certs/sslintercept.key
Received on Thu Jul 12 2012 - 08:47:59 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 15 2012 - 12:00:02 MDT