L A Walsh
2018-11-29 12:33:58 UTC
I had a version of this working in squid3.x, but it didn't work
for some sites and didn't work well with a newer Opera, but did
ok with an older FF-clone.
I bumped to squid4 a few months ago, but stil haven't gotten to the point
where I can see and cache individual requests and following config examples
@ https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit,
I'm feeling rather clueless as to what I'm missing.
If someone could throw a few hints/clueballs my way I'd really appreciate
knowing what I'm doing wrong.
My port line looks like (it's all 1 line).
http_port ishtar.sc.tlinx.org:8118 ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=64MB
tls-cert=/etc/squid/ssl_cert/myCA.pem
options=SINGLE_DH_USE,SINGLE_ECDH_USE
tls-dh=secp521r1,/etc/squid/ssl_cert/dhparam-4096.pem
myCA.pem contains both private+public sigs. I generated a separate
dhparam file, but don't know if I was supposed to include the curve
type in the generation command or if it only uses that later.
I pre-generated the cert dir and it seems to be running, but I don't
see any certs appearing in the dir
Looking at squid w/ps, I see:
root 56805 1 0 04:28 ? 00:00:00 /usr/sbin/squid
squid 56807 56805 42 04:28 ? 00:00:03 (squid-1) --kid squid-1
squid 56809 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56810 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56811 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56812 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56813 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56814 56807 0 04:28 ? 00:00:00 (logfile-daemon)
/var/log/squid/access.log
squid 56815 56807 0 04:28 ? 00:00:00 (pinger)
Any ideas where I might be missing things? I can decomment and
send the active lines from the config file if that would help.
Thanks for any pointers...
for some sites and didn't work well with a newer Opera, but did
ok with an older FF-clone.
I bumped to squid4 a few months ago, but stil haven't gotten to the point
where I can see and cache individual requests and following config examples
@ https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit,
I'm feeling rather clueless as to what I'm missing.
If someone could throw a few hints/clueballs my way I'd really appreciate
knowing what I'm doing wrong.
My port line looks like (it's all 1 line).
http_port ishtar.sc.tlinx.org:8118 ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=64MB
tls-cert=/etc/squid/ssl_cert/myCA.pem
options=SINGLE_DH_USE,SINGLE_ECDH_USE
tls-dh=secp521r1,/etc/squid/ssl_cert/dhparam-4096.pem
myCA.pem contains both private+public sigs. I generated a separate
dhparam file, but don't know if I was supposed to include the curve
type in the generation command or if it only uses that later.
I pre-generated the cert dir and it seems to be running, but I don't
see any certs appearing in the dir
Looking at squid w/ps, I see:
root 56805 1 0 04:28 ? 00:00:00 /usr/sbin/squid
squid 56807 56805 42 04:28 ? 00:00:03 (squid-1) --kid squid-1
squid 56809 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56810 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56811 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56812 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56813 56807 0 04:28 ? 00:00:00 (security_file_certgen)
-s /var/cache/squid/lib/ssl_db -M 64MB
squid 56814 56807 0 04:28 ? 00:00:00 (logfile-daemon)
/var/log/squid/access.log
squid 56815 56807 0 04:28 ? 00:00:00 (pinger)
Any ideas where I might be missing things? I can decomment and
send the active lines from the config file if that would help.
Thanks for any pointers...