On Sun, 14 Feb 2010 18:30:34 -0600, Andres Salazar <ndrsslz...@gmail.com>
wrote:
> Hello,
> 
> I am trying to configure SSLbump so that I can use squid in transparent
> mode and redirect with iptables/pf port 443 and 80 to squid.
> 
> When using https_port (based on some mailing lists) it says that isn't
> recognized.
> I also tried to use
> 
> http_port 3129 transparent sslBump
> cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
> 

Kill that http_port = SslBump only bumps CONNECT requests in regular port
80 traffic.
And CONNECT requests are illegal unless explicitly talking to a proxy.
Passing port 443 there will only result in dropped connections and maybe
logged warnings about garbage (encrypted data) arriving from a client.

To intercept HTTPS you do need to be on an https_port.
Your squid needs to be built with SSL support.


> and
> 
> http_port 3129  sslBump cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key
> 
> But then I receive this error:
> 
> FATAL: Bungled squid.conf line 38: http_port 3129 transparent sslBump
> cert=/usr/local/squid/etc/server.crt
> key=cert=/usr/local/squid/etc/server.key

 "key=cert=" ??


Amos
