Re: [squid-users] SSL bumping without faked server certificates

2015-11-23 Thread Stefan Kutzke
Hi Alex, sorry for the late reply. > > 2015/11/10 19:24:30.181 kid1| 33,5|... > > 2015/11/10 19:25:30.016 kid1| 33,3| AsyncCall.cc(93) ScheduleCall: > > IoCallback.cc(135) will call > > ConnStateData::clientPinnedConnectionRead(local=172.31.1.15:49421 > > remote=212.45.105.89:443 FD 15 flags=1, f

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Stefan Kutzke
tion to CloudFront without SNI. Best regards, Stefan On Tuesday, 10.11.2015, 08:49 -0700, Alex Rousskov wrote: On 11/10/2015 07:05 AM, Stefan Kutzke wrote: My assumption is that I have to use in Squid's config: acl MYSITE ssl:server_name .mydomain.com ssl_bump bump MYSITE ssl_bump spl

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Stefan Kutzke
ata::connStateClosed(FD -1, data=0x19ced08) On Tuesday, 10.11.2015, 08:49 -0700, Alex Rousskov wrote: On 11/10/2015 07:05 AM, Stefan Kutzke wrote: My assumption is that I have to use in Squid's config: acl MYSITE ssl:server_name .mydomain.com ssl_bump bump MYSITE ssl_bump splice

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Stefan Kutzke
school.bettermarks.com port 443 (#0) * Trying 212.45.105.89... connected * Connected to school.bettermarks.com (212.45.105.89) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none The command has failed after a while wit

Re: [squid-users] SSL bumping without faked server certificates

2015-11-10 Thread Stefan Kutzke
Hi Sebastian, I will give it a try. Regards, Stefan On Tuesday, 10.11.2015, 14:27 +, Sebastian Kirschner wrote: > Hi Stefan, > > I think it would be better to peek at step1 (Then you have the Client > SNI) and at step2 you could bump or splice. > Your config > > My assumption is that

[squid-users] SSL bumping without faked server certificates

2015-11-10 Thread Stefan Kutzke
Hi, I needed to set up Squid as a transparent proxy with SSL bumping for only one single https website. The goal was to bump https connections to this website with its official signed SSL certificate. As an illustration: Website/hostname: https://abc.mydomain.com DNS: abc.mydomain.com A 1.2.3.4