Our current Squid SSL bump config using v3.5.10
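# ---------------------------------------------------------------------------- #
# SSL and Intercepted Traffic Settings #
# ---------------------------------------------------------------------------- #
# Match the first two SSL-Bump processing steps.
acl step1 at_step SslBump1
acl step2 at_step SslBump2
# Step 1: peek at the TLS client hello (SNI) before choosing an action.
ssl_bump peek step1
# Step 2: bump, i.e. terminate TLS at the proxy and re-encrypt to the origin.
ssl_bump bump step2
# Never ignore upstream certificate validation errors.
sslproxy_cert_error deny all
# Helper that generates per-host certificates (-s: certificate database, -M: maximum database size).
sslcrtd_program /usr/bin/squid_ssl_crtd -s /usr/local/squid/ssl_db -M 4MB
# At most 32 helper processes; start 5 and keep at least 1 idle.
sslcrtd_children 32 startup=5 idle=1
# ---------------------------------------------------------------------------- #
# Squid Listening Interfaces #
# ---------------------------------------------------------------------------- #
# Explicit (forward) proxy port with bumping enabled.
# cert= and key= are the CA certificate and private key that sign the generated host certificates.
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy-cert.cer key=/usr/local/squid/ssl_cert/proxy-key.key
# Intercepted HTTP traffic.
http_port 3129 intercept name=3129
# Intercepted HTTPS traffic, bumped with the same signing CA.
https_port 3130 intercept name=3130 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy-cert.cer key=/usr/local/squid/ssl_cert/proxy-key.key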