Hi everyone,

I hope someone can help me :) I have this problem:

Squid is running as an SSL transparent proxy, and at the moment it's receiving
all the traffic with these two iptables rules:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3130

So far no problem at all; everything works perfectly... but when I add any
simple ACL to block an SSL website, I get this browser error: SSL connection
error (ERR_SSL_PROTOCOL_ERROR)

Also, if I try to run Squid with the line currently commented out in the conf
pasted below, I get a certificate error (domain mismatch) from the client.

http_port 3128 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy_matrix-test_com.crt key=/usr/local/squid/ssl_cert/squid.key
acl broken_sites dstdomain google.it
ssl_bump none localnet
ssl_bump none broken_sites
#ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

(proxy_matrix-test_com.crt is signed by a recognized certification authority)

Any ideas?

Thanks.
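An added example, not part of the post above and not Squid's own code, that illustrates the "domain mismatch" symptom: a browser compares the name it requested against the DNS names in the certificate the proxy serves, so a single static CA-signed certificate can only ever match its own name, while a per-host certificate (what `generate-host-certificates=on` with `ssl_crtd` is meant to mint) carries the requested site's name. The hostname matcher follows the RFC 6125 rules (SAN dNSName entries take precedence over the subject CN; a wildcard is only valid as the whole left-most label and must cover at least two further labels). The certificate contents, including the assumption that `proxy_matrix-test_com.crt` is issued for `proxy.matrix-test.com`, are constructed for the example.

```python
"""Hostname-vs-certificate check, as a browser performs it on an intercepted
HTTPS connection.  Added example; the certificate contents below are
constructed, not taken from the original post."""

from dataclasses import dataclass, field


@dataclass
class Cert:
    """Minimal stand-in for an X.509 certificate's identity fields."""
    subject_cn: str
    san_dns: list = field(default_factory=list)

    def dns_names(self):
        # RFC 6125: if any dNSName SAN is present, the CN is ignored;
        # the CN is only a fallback for certificates without a SAN.
        return list(self.san_dns) if self.san_dns else [self.subject_cn]


def _name_matches(pattern, host):
    """Match one certificate DNS name (possibly wildcard) against a host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or len(p) < 2:
        return False
    if p[0] == "*":
        # Wildcard must be the entire left-most label and must not be
        # so broad that it covers a whole TLD (e.g. "*.it" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def hostname_matches(cert, host):
    """True if the requested host is covered by any name in the cert."""
    return any(_name_matches(n, host) for n in cert.dns_names())


def check_intercepted_host(cert, requested_host):
    """Return (ok, reason): what a client decides about the served cert."""
    if hostname_matches(cert, requested_host):
        return True, "hostname matches certificate"
    return (False, "domain mismatch: certificate is for "
            f"{', '.join(cert.dns_names())}, client asked for {requested_host}")


# Constructed sample certificates (assumed contents, not real files):
# the static proxy certificate from the post, assumed to name the proxy host,
# and a per-site certificate such as ssl_crtd would generate on the fly.
STATIC_CERT = Cert("proxy.matrix-test.com", ["proxy.matrix-test.com"])
GENERATED_CERT = Cert("google.it", ["google.it", "*.google.it"])


if __name__ == "__main__":
    for cert in (STATIC_CERT, GENERATED_CERT):
        ok, reason = check_intercepted_host(cert, "www.google.it")
        print(f"{cert.subject_cn:>22}: {'OK' if ok else 'FAIL'} - {reason}")
```

Running the block shows the static certificate failing for `www.google.it` with the same kind of "domain mismatch" a client reports, and the generated certificate passing; the matcher also rejects the over-broad wildcards and multi-label wildcard matches that a browser would refuse.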
