-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Please outline which of the 7 statements you mean by this.
Amos
On 17/04/2014 2:38 p.m., James Lay wrote:
From the squid.conf.documented:
# SSL Bump Mode Options: # In addition to these
options ssl-bump requires TLS/SSL options. # #
generate-host-certificates[=on|off] #
Dynamically create SSL server certificates for the #
destination hosts of bumped CONNECT requests.When #
enabled, the cert and key options are used to sign #
generated certificates. Otherwise generated #
certificate will be selfsigned. # If there is
a CA certificate lifetime of the generated #
certificate equals lifetime of the CA certificate. If #
generated certificate is selfsigned lifetime is three #
years. # This option is enabled by default
when ssl-bump is used. # See the ssl-bump
option above for more information.
I did not find this to be the case and had to add it to my
https_ports line:
https_port bleh:3129 intercept generate-host-certificates=on
ssl-bump cert=/opt/sslsplit/sslsplit.crt
key=/opt/sslsplit/sslsplitca.key options=ALL
Thank you.
James
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTUUGOAAoJELJo5wb/XPRj0y4IANdveekbpjcjs0mP/SyxNb3X
+9Oo2WekHaBM4jsyEKnfBoWfIrONCFVfQhtjSBVlWFFcoekUT4l21B8D2sK+Ytq1
ch0czzI2/jKDAnHca/wL2R0BGdnoxxAQ4cA6iUTQmN1cOnpKpxRZEf8068Awaf3j
jEyXPls9W1rXHKDKiKLNJyAh4uhm7cWYEqS58xPnVx5LZEf5pKwYXPV7lXgkjggJ
FTbw9OmL54iWPkcX5yvdF2sA0pVLo5511hbe2XSc7Jdv6yvifQEzwwA/ROBSCruF
GVz++38JWaYMzmqw+xn3qgWYgvgKaGb+hlmYte9WI2koygUVWxUrmc5tKo6BOf8=
=pQt0
-END PGP SIGNATURE-