@Alex, could you please share the config options that you set while building squid for ssl-bumping? I have been having a really tough time getting it right. Also, which OS are you running it on?
My use case is to enable ssl-bump and cache HTTPS content (documents, videos etc. that are downloaded from an SSL-enabled site).

On 9 February 2016 at 06:54, Alex Samad <a...@samad.com.au> wrote:
> Hi
>
> Got this working. Wondering what the benefits are, wandering around
> google, you tube, facebook not seeing much cache. At least I can pass
> downloads through clamav...
>
> Are other people seeing caching of these sites ??
>
>
> On 9 February 2016 at 11:09, Alex Samad <a...@samad.com.au> wrote:
> > got the ACL backwards
> >
> > # ssl-bump
> > # pick up from a file
> > #acl NoBump ssl::server_name /etc/squid/lists/noSSLPeek.lst
> >
> > # Alex test machine
> > acl testIP src 10.172.208.105
> >
> > # for testing
> > acl haveServerName ssl::server_name .google.com
> >
> >
> > # Do no harm:
> > # Splice indeterminate traffic.
> > ssl_bump splice ! testIP
> > ssl_bump splice NoBump
> > ssl_bump bump haveServerName
> > ssl_bump peek all
> > ssl_bump splice all
> >
> > On 9 February 2016 at 10:52, Alex Samad <a...@samad.com.au> wrote:
> >> Hi
> >>
> >> Starting to look at ssl-bump found
> >> http://wiki.squid-cache.org/Features/SslPeekAndSplice
> >> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
> >>
> >> I gather I need to modify my http_port to look something like
> >>
> >> http_port 3128 ssl-bump \
> >> cert=/etc/squid/ssl_cert/myCA.pem \
> >> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> >>
> >>
> >> from http_port 3128
> >>
> >> I have generated an int CA of our internal CA, the cert option above
> >> points to a pem file. Does that have pub and private in there ?
> >>
> >> I wanted to test this on a specific IP so using
> >>
> >> # pick up from a file
> >> acl NoBump ssl::server_name /etc/squid/lists/noSSLPeek.lst
> >> acl NoBump src <testip>
> >>
> >> # for testing
> >> acl haveServerName ssl::server_name google.com
> >>
> >>
> >> # Do no harm:
> >> # Splice indeterminate traffic.
> >> ssl_bump splice NoBump
> >> ssl_bump bump haveServerName
> >> ssl_bump peek all
> >> ssl_bump splice all
> >>
> >>
> >> The way I read this is if I come from an address other than the
> >> testip, the connect goes through.
> >> But for the test IP I try and peek and if not splice.
> >>
> >> Create and initialize SSL certificates cache directory <<< where do I
> >> set this directory in squid config ?
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
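
An added example, not part of the thread or of Squid itself: a small pre-flight check for ssl_bump rules like the ones quoted above, flagging ACL names that are referenced without an earlier definition and a "!" that is detached from its ACL name. The function name lint_ssl_bump and the sample text are constructed here; the check assumes Squid's convention that an ACL is defined before a directive uses it and that negation is written as !name with no space.

```python
# Constructed sample: the rules quoted in the thread, including the
# commented-out NoBump definition and the detached "!" before testIP.
SAMPLE_CONF = """\
#acl NoBump ssl::server_name /etc/squid/lists/noSSLPeek.lst
acl testIP src 10.172.208.105
acl haveServerName ssl::server_name .google.com
ssl_bump splice ! testIP
ssl_bump splice NoBump
ssl_bump bump haveServerName
ssl_bump peek all
ssl_bump splice all
"""

BUILTIN_ACLS = {"all"}  # "all" is predefined by Squid


def lint_ssl_bump(conf_text):
    """Return (line_number, message) findings for ssl_bump rules.

    Hypothetical helper: scans top to bottom so that an ACL only counts
    as defined if its "acl" line appears before the rule that uses it.
    """
    defined = set(BUILTIN_ACLS)
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out acl defines nothing)
        tokens = line.split()
        if tokens[0] == "acl" and len(tokens) >= 3:
            defined.add(tokens[1])
        elif tokens[0] == "ssl_bump" and len(tokens) >= 2:
            # tokens[1] is the action (peek/splice/bump/...); the rest are ACLs
            for tok in tokens[2:]:
                name = tok.lstrip("!")
                if not name:
                    findings.append((num, "'!' is not attached to an ACL name"))
                elif name not in defined:
                    findings.append((num, f"ACL '{name}' is used but not defined"))
    return findings


if __name__ == "__main__":
    for num, message in lint_ssl_bump(SAMPLE_CONF):
        print(f"line {num}: {message}")
```

Running squid -k parse against the real configuration remains the authoritative check; this only catches the two mistakes above before a reload.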