On 9/11/2015 10:43 p.m., maple wrote:
> Hi Amos,
>
> thanks for confirmation, but I'm not sure if my upstream proxy support
> TLS/SSL in that way as you said, but we can use it to proxy both http and
> https request, does it mean it support TLS/SSL?
>
> To be honest, I'm not familiar with princip
Hi Amos,
thanks for confirmation, but I'm not sure if my upstream proxy support
TLS/SSL in that way as you said, but we can use it to proxy both http and
https request, does it mean it support TLS/SSL?
To be honest, I'm not familiar with principle of http/https proxy at all,
for solving this prob
On 9/11/2015 2:40 a.m., maple wrote:
> hi Amos,
>
> first of all, thanks very much for your specified answer. and about your
> questions:
> 1) are you the sysadmin for that network?
> there are actually three networks involved: internal net(I'm fully in charge
> of this) <--->lab network(jump ser
hi Amos,
first of all, thanks very much for your specified answer. and about your
questions:
1) are you the sysadmin for that network?
there are actually three networks involved: internal net(I'm fully in charge
of this) <--->lab network(jump server located, I'm using it to set up ssh
tunnel from
On 6/11/2015 12:30 a.m., maple wrote:
> Hi Amos,
>
> So, if I understand it right, it's impossible to do ssl-bump even I use the
> proxychains to chain the squid with my parent proxy without using
> cache_peer(because I'm confirmed that ssl-bump+cache_peer must not work in
> squid), am I right?
>
Hi Amos,
So, if I understand it right, it's impossible to do ssl-bump even I use the
proxychains to chain the squid with my parent proxy without using
cache_peer(because I'm confirmed that ssl-bump+cache_peer must not work in
squid), am I right?
I just wonder how admin900710 make things work by u
On 5/11/2015 7:44 p.m., maple wrote:
> hi Amos,
>
> what did you exactly refer to for "These particular use-case issue"?
SSL-bump for port 443 intercepted directly by the proxy doing the bumping.
https_port X intercept ssl-bump ...
If there is an upstream proxy relaying to this one (eg proxych
hi Amos,
what did you exactly refer to for "These particular use-case issue"? it
means in 3.5+, cache_peer can be used with ssl_bump together smoothly? or It
resolves the integration problem between squid and proxychains?
anyway, I have already upgraded my squid to 3.5.9, but neither for
cache_pe
On 5/11/2015 3:47 p.m., maple wrote:
> sorry, I post my question again since last time I was not a subscriber yet.
>
>
>
> Hi,
>
> after a lot of google, I finally got this post, I met the exactly same
> problem as you, and can't use squid to han
sorry, I post my question again since last time I was not a subscriber yet.
Hi,
after a lot of google, I finally got this post, I met the exactly same
problem as you, and can't use squid to handle https traffic behind parent
proxy. I also tried w
OK, it seems that CONNECT+SSL/TLS is really not supported yet...
So I use proxychains and allow_direct without cache_peer.
And things works:
--
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=www.google.com
* start date: 2015-07-06 07:17:41 GMT
* e
Some extra clue:
Cache log says:
--
2015/07/07 08:55:54 kid1| Accepting SSL bumped HTTP Socket connections
at local=[::]:3128 remote=[::] FD 23 flags=9
2015/07/07 08:55:55 kid1| storeLateRelease: released 0 objects
2015/07/07 08:55:57 kid1| assertion failed: PeerConnector.cc:116:
"peer->use_ss
Tried your config in my environment.
Although curl can get to the sites through privoxy, just like the log says:
--
1436230195.213432 ::1 TCP_TUNNEL/200 4146 CONNECT
www.google.com:443 - FIRSTUP_PARENT/127.0.0.1 -
--
But the certificate got is still the original one, not the fake one:
I use 3.4 version. Yes, this is old directives.
3.5.x, on my opinion, don't do SSL Bump in NAT transparent interception
environment.
06.07.15 20:21, adam900710 wrote:
> 2015-07-06 22:05 GMT+08:00 Yuri Voinov :
>>
> My own solution in conjunction
2015-07-06 22:05 GMT+08:00 Yuri Voinov :
>
> My own solution in conjunction with Tor + Privoxy looks like this (Note:
> for Squid 3.4.13):
>
> # Tor acl
> acl tor_url url_regex -i "/usr/local/squid/etc/url.tor"
>
> # SSL bump rules
> sslproxy_ce
Great thanks, I'll try it later.
Thanks
On 2015-07-06 22:06, "Yuri Voinov" wrote:
>
> My own solution in conjunction with Tor + Privoxy looks like this (Note:
> for Squid 3.4.13):
>
> # Tor acl
> acl tor_url url_regex -i "/usr/local/squid/etc/url.tor"
My own solution in conjunction with Tor + Privoxy looks like this (Note:
for Squid 3.4.13):
# Tor acl
acl tor_url url_regex -i "/usr/local/squid/etc/url.tor"
# SSL bump rules
sslproxy_cert_error allow all
ssl_bump none localhost
ssl_bump none url
And finally:
HTTPS is used for malware transmission - and we can't scan it!, for porn
viewing, for illegal P2P traffic and others.
And we are the paladins in white robes.
06.07.15 19:34, adam900710 wrote:
> 2015-07-06 20:06 GMT+08:00 Amos Jeffr
And also:
As long as you stay in the white robes, the whole world supports the
illusion of security HTTPS. The world has changed in the eyes of the
past three years. And by the way, your branch 3.4 has long been used in
commercial solutions. Doing
2015-07-06 20:06 GMT+08:00 Amos Jeffries :
> On 6/07/2015 9:30 p.m., adam900710 wrote:
>>
>> Here is some of my experiments:
>> 1) Remove "never_direct"
>> Then ssl_bump works as expected, but all traffic doesn't goes through
>> the SOCKS5 proxy. So a lot of sites I can't access.
>>
>> 2) Use local
06.07.15 18:06, Amos Jeffries wrote:
> On 6/07/2015 9:30 p.m., adam900710 wrote:
>>
>> Here is some of my experiments:
>> 1) Remove "never_direct"
>> Then ssl_bump works as expected, but all traffic doesn't goes through
>> the SOCKS5 proxy. So a
06.07.15 18:06, Amos Jeffries wrote:
> On 6/07/2015 9:30 p.m., adam900710 wrote:
>>
>> Here is some of my experiments:
>> 1) Remove "never_direct"
>> Then ssl_bump works as expected, but all traffic doesn't goes through
>> the SOCKS5 proxy. So a
On 6/07/2015 9:30 p.m., adam900710 wrote:
>
> Here is some of my experiments:
> 1) Remove "never_direct"
> Then ssl_bump works as expected, but all traffic doesn't goes through
> the SOCKS5 proxy. So a lot of sites I can't access.
>
> 2) Use local 8118 proxy
> That works fine without any problem,
Forgot some extra information:
squid build info:
---
Squid Cache: Version 3.5.5
Service Name: squid
configure options: '--prefix=/usr' '--sbindir=/usr/bin'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--libexecdir=/usr/lib/squid' '--localstatedir=/var'
'--with-logdir=/var/log/squid' '--w
Hi all,
I tried to build a ssl bumping proxy with up level proxy, but client
failed to connect like the following.
The error:
---
$ curl https://www.google.co.jp - -k
* Rebuilt URL to: https://www.google.co.jp/
* Trying ::1...
* Connected to localhost (::1) port 3128 (#0)
* Establish HTTP pro