Hello,
I've read and tried to follow several guides on the internet to get Squid to work as a simple transparent proxy for both HTTP and HTTPS traffic. I'm mainly just trying to create a simple testing environment to ensure "proxy stuff" works when a proxy URL is specified.
I took the default squid.conf and added the following configuration (pulled from guides/FAQs):
==============================
http_port 3128
https_port 3129 intercept \
ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid/certs/squid-ca-cert-key.pem \
options=ALL
sslcrtd_program /lib/squid/security_file_certgen -s /var/cache/squid_ssldb -M 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
tls_outgoing_options options=NO_SSLv3,NO_TLSv1,NO_TLSv1_1
==============================
In my application, when I set my proxy URL to http://localhost:3128, everything worked as expected and Squid would do its thing:
==============================
==============================
==============================
1690468199.725 0 127.0.0.1 NONE/000 0 NONE error:accept-client-connection - HIER_NONE/- -
1690469483.230 0 127.0.0.1 NONE/000 0 NONE error:accept-client-connection - HIER_NONE/- -
==============================
For some reason, even though I disabled TLSv1, in my Wireshark trace the client still ended up sending a TLSv1 handshake to Squid.
![wireshark.png](https://groups.google.com/group/web-safety/attach/17512cd91adea/wireshark.png?part=0.1&view=1)
What do I need to configure, and how, so that HTTPS traffic just passes through Squid like a transparent proxy?
Running squid -k parse on the config, there is no error either.
Any hint would be appreciated.
Regards,
Eric