Skip to content

Instantly share code, notes, and snippets.

@djch
Last active Oct 14, 2015
Embed
What would you like to do?
Our current Squid SSL bump config using v3.5.10
# ---------------------------------------------------------------------------- #
# SSL and Intercepted Traffic Settings #
# ---------------------------------------------------------------------------- #
acl step1 at_step SslBump1
acl step2 at_step SslBump2
ssl_bump peek step1
ssl_bump bump step2
sslproxy_cert_error deny all
sslcrtd_program /usr/bin/squid_ssl_crtd -s /usr/local/squid/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1
# ---------------------------------------------------------------------------- #
# Squid Listening Interfaces #
# ---------------------------------------------------------------------------- #
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy-cert.cer key=/usr/local/squid/ssl_cert/proxy-key.key
http_port 3129 intercept name=3129
https_port 3130 intercept name=3130 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/proxy-cert.cer key=/usr/local/squid/ssl_cert/proxy-key.key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment