1

Topic: SQUID and SSL

SSL is set up in the settings as follows:
[spoiler]
acl SSL_ports port 443 563 8443 3443 990
acl SSL_ports port 5190 5222 2042 # Chats
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
[/spoiler]
Enabled the SSL traffic check (the certificate is imported):
http_port 10.66.0.71:8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/squid.pem key=/etc/squid/ssl_cert/squid.pem
In browsers all is normal.
Problems began when using programs: , agents,  etc.
I started by looking, in broad terms, at where such programs connect, and made exceptions (error TAG_NONE)
[spoiler]
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/cache/ssl_db -M 4MB
sslcrtd_children 300 startup=10 idle=5
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice Skype. Domain
ssl_bump splice TeamViewer. Domain
ssl_bump splice Icq. Domain
ssl_bump bump all
[/spoiler]
It became almost normal (TCP_TUNNEL)
The problem remains only when CONNECT goes to a port other than 443 (all show as TAG_NONE)
There are no blocks from SSL_ports (since TCP_DENIED is not logged), and TAG_NONE says that there was an attempt to check SSL, but why, if the domain is listed among the allowed ones...
I cannot understand why it is not excluded from the check.

2

Re: SQUID and SSL

Solved: the order was wrong; corrected it.
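
Added example, not part of the original thread: the reply says the fix was rule order but not which rules, so this assumes the common case of an ssl_bump catch-all placed ahead of the splice exceptions. Squid applies the first matching ssl_bump rule at each step, and this Python check flags rules hidden behind such a catch-all, plus the two settings in the posted config that switch off upstream certificate verification. The sample configs and the ACL name no_bump_sites are constructed.

```python
# Added example: lint Squid ssl_bump rule order. Squid takes the first matching
# ssl_bump rule at each step, so a final action on "all" hides every later rule.
FINAL_ACTIONS = {"splice", "bump", "terminate"}  # valid from step 1 onward

def directives(conf):
    """Yield (lineno, name, args) for each directive, ignoring # comments."""
    for lineno, raw in enumerate(conf.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield lineno, parts[0], parts[1:]

def lint(conf):
    """Return (lineno, message) findings for a squid.conf fragment."""
    findings, catch_all = [], None
    for lineno, name, args in directives(conf):
        if name == "ssl_bump" and args:
            if catch_all is not None:
                findings.append((lineno, f"unreachable: line {catch_all} already matches everything"))
            elif args[0] in FINAL_ACTIONS and args[1:] == ["all"]:
                catch_all = lineno
        elif name == "sslproxy_cert_error" and args == ["allow", "all"]:
            findings.append((lineno, "all upstream certificate errors are accepted"))
        elif name == "sslproxy_flags" and "DONT_VERIFY_PEER" in ",".join(args).replace(":", ",").split(","):
            findings.append((lineno, "upstream server certificate is not verified"))
    return findings

# Constructed samples; no_bump_sites is a placeholder ACL name.
MISORDERED = """\
acl step1 at_step SslBump1
acl no_bump_sites ssl::server_name .example.com
ssl_bump peek step1
ssl_bump bump all
ssl_bump splice no_bump_sites
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""
ORDERED = """\
acl step1 at_step SslBump1
acl no_bump_sites ssl::server_name .example.com
ssl_bump peek step1
ssl_bump splice no_bump_sites
ssl_bump bump all
"""

if __name__ == "__main__":
    for label, conf in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(label)
        for lineno, message in lint(conf):
            print(f"  line {lineno}: {message}")
```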