Re: [squid-users] https with squid

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 14 Aug 2008 11:35:01 -0800

Ismail OZATAY wrote:
> Hello all,
>
> I am sorry maybe you have seen lots of like these questions but i have
> already searched archive and could not fix my problem. I am using
> squid-2.6.STABLE18p0 with OpenBSD 4.3. I can not use https as
> transparent proxy like http. I redirected http and https traffic to
> squid. http works properly. This the error log from access.log -->
> TCP_DENIED/400 1558 NONE error:unsupported-request-method - NONE/-
> text/html

What you are attempting is called a man-in-the-middle attack.
Transparent interception of HTTPS traffic is (by design) not possible.
Squid 3HEAD includes a feature called sslbump
(http://wiki.squid-cache.org/Features/SslBump) that will facilitate the
interception and decryption of HTTPS traffic.

>
>
>
> How can i fix it ?

Use WPAD, statically assign a proxy server, or let SSL traffic bypass Squid.

>
> Thanks
>
> ismail

Chris
Received on Thu Aug 14 2008 - 19:35:08 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 15 2008 - 12:00:03 MDT