Hi all,
I'm trying to use these two features at the same time. The use case is pretty
simple. I want to capture all traffic from a single source (a device of mine)
to another squid proxy server and decrypt/log it. I'm using the Ubuntu 20
package of squid-ssl version 4.13.
Device -> ssl_bump pro
On 3/8/22 14:16, Aaron Dewell wrote:
I'm trying to use these two features at the same time. The use case is
pretty simple. I want to capture all traffic from a single source (a
device of mine) to another squid proxy server and decrypt/log it. I'm
using the Ubuntu 20 package of squid-ssl v
Hi Alex, thanks for your reply! I did get access to the parent proxy and my
assumption was wrong, it's doing minimal bumping. Also, the reason it's on 443
is to operate on a "standard" port for firewalls.
The parent is doing peek and splice to an exact list of internal destinations.
Specificall
On 3/8/22 16:38, Aaron Dewell wrote:
Hi Alex, thanks for your reply! I did get access to the parent proxy
and my assumption was wrong, it's doing minimal bumping.
TLS inspection at the parent proxy does not affect what I was trying to
double check. What matters is whether it is a forward HTT
Ok, with a bit more messing with it... Changing bump to splice does work:
ssl_bump splice all
Adding:
acl step2 at_step SslBump2
ssl_bump peek step1
ssl_bump peek step2
ssl_bump splice step2
Fails (back to the connection errors as with bump). My guess is that this means
it can splice at step1 bu
On 3/8/22 17:56, Aaron Dewell wrote:
Ok, with a bit more messing with it... Changing bump to splice does work:
ssl_bump splice all
Noted.
Adding:
acl step2 at_step SslBump2
ssl_bump peek step1
ssl_bump peek step2
ssl_bump splice step2
The above is a bad configuration because no rule m
