This is the snippet of what we use to SSL bump browser CONNECT requests which 
have proxy settings explicitly set to use Squid (only selected sites are 
bumped).

<skip>
http_port 3128 ssl-bump generate-host-certificates=on 
dynamic_cert_mem_cache_size=4MB cert=/etc/opt/quintolabs/qlproxy/myca.pem
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/spool/squid3_ssldb -M 4MB
always_direct allow all

acl qlproxy_https_exclusions dstdomain 
"/etc/opt/quintolabs/qlproxy/squid/https_exclusions.conf"
acl qlproxy_https_targets dstdomain 
"/etc/opt/quintolabs/qlproxy/squid/https_targets.conf"
ssl_bump none localhost
ssl_bump server-first qlproxy_https_targets
ssl_bump none all

<skip>

P.S. Ubuntu 13, Debian 7 x64 with adjusted Squid compilation --enable-ssl 
--enable-ssl-crtd



-----Original Message-----
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: Friday, November 22, 2013 2:40 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] anyOne who has working ssl_bump configuration for 
facebook ???

On 23/11/2013 2:22 a.m., Víctor Fernández Martínez wrote:
> Hi,
> 
> I use the ssl_bump and Facebook works flawlessly.
> 
> - Did you import the ssl_bump root CA certificate into the client 
> you're using to browse those websites?
> - Which kind of certificate errors do you get? Which browser are you using?
> 

And which of the 8 different configurations of ssl-bump are you using?
ie provide your squid.conf snipppets please.

Amos

Reply via email to