* Bud Miljkovic:
> r2:/# /usr/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
> /usr/libexec/ssl_crtd: Uninitialized SSL certificate database directory:
> /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
So run /usr/libexec/ssl_crtd -c -s /var/lib/ssl_db
> *However, when I try t
Ralf.Hildebrandt wrote to *Bud Miljkovic*:
> # Intercept transparent HTTPS traffic
> https_port 3129 intercept ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> ssl_bump splice all
> sslcrtd_program /usr/libexec/ssl_crtd -s /var/lib/ssl_d
If someone has already done that, with the client running on a different
machine, I would love to know how.
In case Squid runs on the same machine used as a network gateway to the
client machine, I suppose the config would be similar, but if it's not
running on the same machine used as the gateway
On 2023-09-29 13:55, Fernando Giorgetti wrote:
The "intercept" scenario demonstrated here
https://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource
makes sense to me, as we are just redirecting internal traffic into Squid,
so the original destination IP is preserved.
I was able to make
Alex,
Sorry for my misconceptions in my previous email.
The "intercept" scenario demonstrated here
https://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource
makes sense to me, as we are just redirecting internal traffic into Squid,
so the original destination IP is preserved.
I was able to
On 2023-09-29 10:55, Fernando Giorgetti wrote:
Do you control the client application? If yes, then perhaps it can be
adjusted to support HTTP proxies? In other words, the client will send a
plain text HTTP CONNECT request to Squid and, upon receiving a 200
(Connection Established)
>
> Do you control the client application? If yes, then perhaps it can be
> adjusted to support HTTP proxies? In other words, the client will send a
> plain text HTTP CONNECT request to Squid and, upon receiving a 200
> (Connection Established) response headers, will start using TLS with the
> orig
On 2023-09-29 09:17, Fernando Giorgetti wrote:
Actually I am evaluating if Squid can be used to proxy Non-HTTP/TLS
data, as we have a restricted environment where Squid is currently the
only way to get out to the internet.
Yes, Squid can tunnel non-HTTP data, including TLS data.
The idea is
Hello Alex,
First of all, thanks for your attention and time.
Actually I am evaluating if Squid can be used to proxy Non-HTTP/TLS
data, as we have a restricted environment where Squid is currently the
only way to get out to the internet.
The idea is that the client application will open a connec