ssl intercept and forward to privoxy

ssl intercept and forward to privoxy

teapot
Hi, I'm attempting to set up squid to perform SSL interception and route its
traffic through tor, and I'm a bit stuck. I've started with this guide
<https://wiki.vpsget.com/index.php/Squid+Privoxy+Tor>.

This works for HTTP traffic, but does not work for SSL; for the latter I get
the error 'kid1| assertion failed: PeerConnector.cc:116: "peer->use_ssl"'
from squid; however if I add the 'ssl' directive to the cache_peer, neither
type of connection will work.

Is privoxy truly required for this? If I have understood this thread
<http://squid-web-proxy-cache.1019090.n4.nabble.com/ERR-CANNOT-FORWARD-with-Squid-Privoxy-td4681111.html>
correctly, once the CONNECT is received by squid it cannot then recreate
that command to a peer and the SSL connection will fail. However, the only
other discussions of this topic I have found say that squid cannot send
directly to a listening tor service.

squid v3.5.23 on Debian Stretch, privoxy 3.0.26, tor 0.2.9.14



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: ssl intercept and forward to privoxy

Amos Jeffries
Administrator
On 30/03/18 12:01, teapot wrote:
> Hi, I'm attempting to set up squid to perform SSL interception and route its
> traffic through tor, and I'm a bit stuck. I've started with this guide
> <https://wiki.vpsget.com/index.php/Squid+Privoxy+Tor>.
>
> This works for HTTP traffic, but does not work for SSL; for the latter I get
> the error 'kid1| assertion failed: PeerConnector.cc:116: "peer->use_ssl"'
> from squid; however if I add the 'ssl' directive to the cache_peer, neither
> type of connection will work.

HTTPS requires a secure connection. You cannot send it as plain-text.

Apparently privoxy does not support receiving TLS.


>
> Is privoxy truly required for this? If I have understood this thread
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/ERR-CANNOT-FORWARD-with-Squid-Privoxy-td4681111.html>
> correctly, once the CONNECT is received by squid it cannot then recreate
> that command to a peer and the SSL connection will fail. However, the only
> other discussions of this topic I have found say that squid cannot send
> directly to a listening tor service.

Yes. TOR protocol is not HTTP protocol nor is it HTTPS protocol.

Amos

Re: ssl intercept and forward to privoxy

Alex Rousskov
In reply to this post by teapot
On 03/29/2018 05:01 PM, teapot wrote:

> once the CONNECT is received by squid it cannot then recreate
> that command to a peer

FWIW, there is an experimental rough patch adding peering support for
SslBump in v4.0.24 [1]. We are working on a polished version for the
official submission.

I do not know whether that new functionality is enough to solve your tor
integration problems.


[1]
https://github.com/squid-cache/squid/compare/53fdd3f...measurement-factory:7a4c4ed.patch


Alex.