On 11/2/18 12:22 PM, Shane Poage wrote:
> My understanding of how SSL bumping works is as follows, based on what
> I have read in all of the documentation I could possibly find:
To simplify, I will interpret the statements below in SslBump context.
That is, I will interpret them as they are appli
Alex,
Thanks for all your help so far - I really appreciate it. However, I'm not sure
we're on the same page for some reason because as I said previously, the
suggestions you have made do not appear to be having the effect I'm looking
for. Let me back up a bit and clarify a few things to make sure
On 11/2/18 9:54 AM, Shane Poage wrote:
> my original squid.conf had an ACL directive corresponding to the
> functionality in question:
> acl CONNECT method CONNECT
That CONNECT ACL declaration is OK, but what matters is how you _use_
that declared ACL. The configuration you posted earlier
On 3/11/18 5:02 AM, ofoerster wrote:
> Hello Community,
>
> We would like to place a proxy in front of our corporate proxy.
> Unfortunately, the parent proxy is a digest authentication and this can
> not be defined in the configuration of "cache peer". Also, the login
> with username and password
Hello Community,
We would like to place a proxy in front of our corporate proxy.
Unfortunately, the parent proxy is a digest authentication and this can
not be defined in the configuration of "cache peer". Also, the login
with username and password works only for basic authentication. Is there
If I understand you correctly, my original squid.conf had an ACL directive
corresponding to the functionality in question:
acl CONNECT method CONNECT
Regardless, I added that back to my config and re-tested both with it inline
and stand-alone. My results as follows:
http_access allow C
On 11/2/18 3:47 AM, Sid wrote:
> tls_outgoing_options \
>default-ca=off \
>cafile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
>options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \
> Only issue is Squid sends:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377591/2018-1
Thank you Amos and Alex for great help & support so far.
As per suggestions I have added lot more parameters in squid.conf for both
"http" & "tls_outgoing_options" directives:
http_port 3128 ssl-bump \
tls-cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LO
