Hi Alex,
sorry for the late reply.
> > 2015/11/10 19:24:30.181 kid1| 33,5|...
> > 2015/11/10 19:25:30.016 kid1| 33,3| AsyncCall.cc(93) ScheduleCall:
> > IoCallback.cc(135) will call
> > ConnStateData::clientPinnedConnectionRead(local=172.31.1.15:49421
> > remote=212.45.105.89:443 FD 15 flags=1, f
On 15/11/2015 11:52 a.m., Alex Rousskov wrote:
> On 11/14/2015 12:42 PM, Stefan Kutzke wrote:
>
>> I have built an RPM package with the latest 3.5.11 source based
>> on http://www1.ngtech.co.il/repo/centos/6/SRPMS/squid-3.5.9-1.el6.src.rpm
>> Squid is configured with SSL bump similar to the configurati
On 11/14/2015 12:42 PM, Stefan Kutzke wrote:
> I have built an RPM package with the latest 3.5.11 source based
> on http://www1.ngtech.co.il/repo/centos/6/SRPMS/squid-3.5.9-1.el6.src.rpm
> Squid is configured with SSL bump similar to the configuration suggested
> by Sebastian.
...
> 2015/11/10 19:24:
... and more ...
I don't know what is going wrong or what is missing in the configuration.
Both Squid and client are able to connect to 212.45.105.89:443 with
# openssl s_client -connect 212.45.105.89:443
CONNECTED(0003)
depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting
Here is more information...
Squid's complete cache.log:
2015/11/10 19:22:10 kid1| Set Current Directory to /var/spool/squid
2015/11/10 19:22:10 kid1| Starting Squid Cache version 3.5.11 for
x86_64-redhat-linux-gnu...
2015/11/10 19:22:10 kid1| Service Name: squid
2015/11/10 19:22:10 kid1| Process
Hi Alex,
okay, I think I understand a little more.
I am trying to get the old server-first method working with new peek and splice
but without success.
I have built an RPM package with the latest 3.5.11 source based on
http://www1.ngtech.co.il/repo/centos/6/SRPMS/squid-3.5.9-1.el6.src.rpm
Squid is
Hi Sebastian,
I will give it a try.
Regards,
Stefan
On Tuesday, 10.11.2015, at 14:27 +, Sebastian Kirschner wrote:
> Hi Stefan,
>
> I think it would be better to peek at step1 (Then you have the Client
> SNI) and at step2 you could bump or splice.
> Your config
> > My assumption is that
On 11/10/2015 07:05 AM, Stefan Kutzke wrote:
> My assumption is that I have to use in Squid's config:
> acl MYSITE ssl::server_name .mydomain.com
> ssl_bump bump MYSITE
> ssl_bump splice all
> This results in tunneling all https traffic, nothing will be bumped and
> cached.
Yes, probably becaus
Hi Stefan,
I think it would be better to peek at step1 (Then you have the Client SNI) and
at step2 you could bump or splice.
Your config
> My assumption is that I have to use in Squid's config:
>https_port :3443 intercept ssl-bump cert=
>key=
>acl MYSITE ssl::server_name .mydomain.com
>ssl_bump
Hi,
I needed to set up Squid as a transparent proxy with SSL bumping for only one
single https website.
The goal was to bump https connections to this website with its official signed
SSL certificate.
As an illustration:
Website/hostname: https://abc.mydomain.com
DNS: abc.mydomain.com A 1.2.3.4