{"id":570,"date":"2016-09-16T17:23:04","date_gmt":"2016-09-16T08:23:04","guid":{"rendered":"http:\/\/manatails.net\/blog\/?p=570"},"modified":"2022-04-03T13:48:54","modified_gmt":"2022-04-03T04:48:54","slug":"basic-squid-sslbump-configuration","status":"publish","type":"post","link":"https:\/\/manatails.net\/blog\/2016\/09\/basic-squid-sslbump-configuration\/","title":{"rendered":"Basic Squid SSLBump configuration"},"content":{"rendered":"

To use SSLBump with Squid you need to rebuild Squid with SSL flags enabled as the default debian package does not contain them.<\/p>\n

$ sudo apt-get install devscripts build-essential fakeroot libssl-dev<\/pre>\n
And uncomment the deb-src from main repository as we need to download the source. After that download the squid3 source package and edit the rules file:<\/p>\n
$ cd ~\r\n$ apt-get update\r\n$ apt-get source squid3\r\n$ sudo apt-get build-dep squid3\r\n\r\n$cd squid3-3.5.12\r\n$sudo nano debian\/rules\r\n<\/pre>\n
add to DEB_CONFIGURE_EXTRA_FLAGS<\/p>\n
–with-openssl \\
\n–enable-ssl-crtd \\<\/p>\n
dpkg-buildpackage -rfakeroot -b\r\n\r\ndpkg -i *.deb\r\n<\/pre>\n
Squid is now installed, next step is to generate\u00a0the required self signed certificates:<\/p>\n
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout myCA.pem  -out myCA.pem\r\n\r\nopenssl x509 -in myCA.pem -outform DER -out myCA.der\r\n<\/pre>\n
Deploy the generated der file to client browers\/devices<\/p>\n
But upon starting the Squid service, it died stating that the ssl db directory was not initialized so I used the ssl_crtd from the build directory to initialize it.<\/p>\n
sudo \/home\/manatails\/squid\/squid3-3.5.12\/src\/ssl\/ssl_crtd -c -s \/var\/lib\/ssl_db\r\n<\/pre>\n
Following is minimalist config file for running squid with SSLBump, self-explanatory.<\/p>\n
acl home_ip src 192.168.28.0\/24\r\nhttp_access allow home_ip\r\nhttp_port 3128 ssl-bump cert=\/etc\/squid\/ssl_cert\/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB\r\n\r\nacl step1 at_step SSlBump1\r\n\r\nssl_bump peek step1\r\nssl_bump bump all\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
To use SSLBump with Squid you need to rebuild Squid with SSL flags enabled as the default debian package does not contain them. $ sudo apt-get install devscripts build-essential fakeroot libssl-dev And uncomment the deb-src from main repository as we need to download the source. After that download the squid3 source package and edit the … Continue reading Basic Squid SSLBump configuration<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[14,107,106],"class_list":["post-570","post","type-post","status-publish","format-standard","hentry","category-computer","tag-linux","tag-proxy","tag-squid"],"_links":{"self":[{"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/posts\/570","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/comments?post=570"}],"version-history":[{"count":4,"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/posts\/570\/revisions"}],"predecessor-version":[{"id":574,"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/posts\/570\/revisions\/574"}],"wp:attachment":[{"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/media?parent=570"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/categories?post=570"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/manatails.net\/blog\/wp-json\/wp\/v2\/tags?post=570"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}