I am trying to enable TLS caching with Squid. Running Squid Cache: Version 6.5 on Ubuntu 24.04 (squid-openssl). This binary uses OpenSSL 3.0.10 1 Aug 2023. configure options: '--with-openssl' '--enable-ssl-crtd'
My config line:
https_port 3129 tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /lib/squid/security_file_certgen -c -s /usr/local/squid/var/cache/squid/ssl_db -M 4MB
When I add ssl-bump:
https_port 3129 ssl-bump tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
I get an error:
FATAL: Bungled /etc/squid/squid.conf line 42: https_port 3129 ssl-bump tls-cert=/etc/squid/squid-ca-cert.pem tls-key=/etc/squid/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
So far I have confirmed that Squid is configured with the required options:
'--with-openssl' '--enable-ssl-crtd'
When I run curl --proxy-insecure --proxy https://localhost:3129 it works, but in the logs I see:
1711580401.645 162 192.168.65.1 TCP_TUNNEL/200 41698 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580403.972 92 192.168.65.1 TCP_TUNNEL/200 41699 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580404.771 103 192.168.65.1 TCP_TUNNEL/200 41700 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
How do I configure https_port on 3129 with TLS so it actually caches requests?
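The log lines in the question can be read mechanically: `TCP_TUNNEL` on a `CONNECT` means Squid relayed the TLS bytes without decrypting them, so there was nothing it could cache. The following is an added example, not part of the original post, that classifies native-format access.log entries this way; the last two sample lines (host `example.test`, address `203.0.113.10`) are constructed to show what decrypted requests look like, and the function names are this example's own.

```python
from collections import Counter
from urllib.parse import urlsplit

# The first three lines are copied from the post. The last two are constructed
# to show what decrypted (bumped) requests look like in the same log format.
SAMPLE_LOG = """\
1711580401.645 162 192.168.65.1 TCP_TUNNEL/200 41698 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580403.972 92 192.168.65.1 TCP_TUNNEL/200 41699 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580404.771 103 192.168.65.1 TCP_TUNNEL/200 41700 CONNECT assets-global.website-files.com:443 - HIER_DIRECT/54.230.18.101 -
1711580500.100 80 192.168.65.1 TCP_MISS/200 5120 GET https://example.test/app.js - HIER_DIRECT/203.0.113.10 application/javascript
1711580501.200 2 192.168.65.1 TCP_MEM_HIT/200 5120 GET https://example.test/app.js - HIER_NONE/- application/javascript
"""

def parse_line(line):
    """Split one native-format access.log line into the fields used below."""
    f = line.split()
    if len(f) < 10:
        return None  # skip blank or truncated lines
    code, _, status = f[3].partition("/")
    return {"client": f[2], "code": code, "status": status,
            "method": f[5], "url": f[6]}

def classify(entry):
    """Label an entry by whether Squid could see inside the TLS session."""
    if entry["method"] == "CONNECT":
        # TCP_TUNNEL: bytes were relayed opaquely, so nothing is cacheable.
        return "tunnel" if entry["code"] == "TCP_TUNNEL" else "connect_other"
    if entry["url"].startswith("https://"):
        # In a forward-proxy log a full https:// URL normally appears only
        # after Squid decrypted the request. "HIT" matching is a simplification.
        return "decrypted_hit" if "HIT" in entry["code"] else "decrypted_miss"
    return "plain_http"

def host_of(entry):
    """Host name from a CONNECT target (host:port) or from a full URL."""
    if entry["method"] == "CONNECT":
        return entry["url"].rsplit(":", 1)[0]
    return urlsplit(entry["url"]).hostname

def summarize(log_text):
    """Return (label counts, hosts that were only ever tunnelled)."""
    counts, seen = Counter(), {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        counts[label] += 1
        seen.setdefault(host_of(entry), set()).add(label)
    return counts, sorted(h for h, s in seen.items() if s == {"tunnel"})
```

Running `summarize()` over a real access.log after a configuration change shows whether any HTTPS traffic is being decrypted at all, and which hosts are still passing through as opaque tunnels.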