Hi,
So your tip worked better than expected, as now without the cert key they
don't have the info about the untrusted cert anymore and they have access to the SSL website.
In the address field we can see the official certificate!! So it's great.
Some of my users told me that they have apps which use SSL but do not have proxy options. Is there any way to use ssl-bump transparently?
If I use this:
http_port 3128 transparent ssl-bump
http_port 3129
HTTP works but SSL crashes.
At least thanks for your first answers!!
> Date: Tue, 28 Aug 2012 22:50:18 +1200
> From: squid3_at_treenet.co.nz
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] https, sslbiump etc...
>
> On 28/08/2012 7:14 p.m., Babelo Gmvsdm wrote:
> > Hi,
> > I implemented https cache on my squid with sslbump, cert key etc... I don't use it in transparent mode because I want my users to be aware of this mechanism.
>
> To leave your users aware of the problem, all you need to do is *not*
> distribute your signing CA certificate to them. They will get the
> untrusted cert message. This is true for both CONNECT bumping and native
> port 443 bumping.
>
> > It seems to work, but on some sites (live.com for instance) after accepting the self-signed cert, I have a blank page. The access log seems normal, and there is no error in the cache log.
> >
> > Any clue of what could happen?
> > Other question, is there any way to avoid some ssl sites to be cached?
>
> "cache" access control list operates on everything regardless of how the
> request was received or processed by Squid. Use "cache deny" lines to
> specify what is not permitted to be cached. We don't yet have a specific
> ACL way to identify just the bumped requests though.
>
> Amos
Received on Tue Aug 28 2012 - 12:46:55 MDT