By the help of God.
Hi,
I'm using squid with tproxy including https interception configuration.
The squid version is:
$ /usr/local/squid/sbin/squid -v
Squid Cache: Version 7.0.0-VCS
Service Name: squid
This binary uses OpenSSL 3.0.2 15 Mar 2022. configure options:
'--with-openssl' '--enable-ssl
By the help of God
Update the squid.conf:
http_port 0.0.0.0:3128
http_port 0.0.0.0:3129 tproxy
http_port 0.0.0.0:3130 tproxy ssl-bump \
cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
# For squid 4.x
sslcrtd_program /usr/local/squid/
On 6/15/23 07:31, Ben Goz wrote:
the tproxy configuration works perfectly using http without ssl,
But using ssl I'm getting in browser ssl error "ERR_SSL_PROTOCOL_ERROR"
http_port 0.0.0.0:3130 tproxy ...
This http_port is for plain text HTTP interception. The configuration
needs an https_
By the help of God
The https interception guide in this link:
https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#squid-configuration-file
is misleading as it uses http_port for ssl-bump and not https_port.
בתאריך יום ה׳, 15 ביוני 2023 ב-16:08 מאת Alex Rousskov <
rouss.
On 6/15/23 09:27, Ben Goz wrote:
The https interception guide in this link:
https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#squid-configuration-file
is misleading
I agree. That page should not use the word "intercept" when talking
about HTTP CONNECT inspection and bump
