I am using intercept. It has worked well for me for the ssl-bump so far. *http_port 192.168.100.1:800 <http://192.168.100.1:800> intercept* *https_port 192.168.100.1:808 <http://192.168.100.1:808> intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem*
I haven't ever tried it without intercept. I will try it and see what happens. On Wed, May 6, 2015 at 7:59 PM, Jason Haar <jason_h...@trimble.com> wrote: > On 07/05/15 12:45, Stanford Prescott wrote: > > *1430958788.054 5572 192.168.100.104 TCP_TUNNEL/200 2964 CONNECT > 172.225.222.201:443 <http://172.225.222.201:443> - > ORIGINAL_DST/172.225.222.201 <http://172.225.222.201> -* > > That smells like transparent/intercept? Is that correct? You have to NOT > do that until you've got it working via the standard proxy option. It's > very hard to do SSL intercept transparently > > -- > Cheers > > Jason Haar > Corporate Information Security Manager, Trimble Navigation Ltd. > Phone: +1 408 481 8171 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
