#webproxies

Facebook and Twitter now both use SSL by default. Slowfruit can finally access the SSL secured versions of both Facebook and Twitter as well as any other SSL enabled website! Also, Slowfruit.net now can be accessed with SSL as well - https://slowfruit.net/. Currently, we use a self-signed certificate that you will manually have to approve. Stay tuned for more exciting news!

I recently realized that my webproxy (slowfruit.net) wasn't allowing access to SSL enabled websites. Apparently, this can be fixed by configuring SSL bumping (launching a man -- or squid -- in the middle attack) in squid to decrypt and re-encrypt HTTPS tunnels. Unfortunately, the latest squid version that's supported by Debian 7.0 (Wheezy) is squid 2.7 and it doesn't support ssl-bump. To fix this I installed the latest squid3 binary from Debian's sid (unstable) repositories. Unfortunately (again) even the sid binary was not compiled with the "--enable-ssl" option, which meant that I couldn't configure SSL bumping. The only option I had left was to compile squid3 from source. Luckily, I found BUILD SQUID WITH –ENABLE-SSL ON DEBIAN, which details how to create a .deb binary from a Debian source repository. The directions are pretty straightforward, I just modified them to build squid3 from the Debian sid source repos instead. To install the .deb type: dpkg -i squid3_3.3.8-1_i386.deb If you want to install squid3 with ssl support (compiled with --enable-ssl) on Debian 7.0 (Wheezy,) feel free to download my squid3_3.3.8-1_i386.deb (2.4 MB) binary. Please don't contact me for support, though! To configure squid3 on Debian 7.0 (Wheezy) I referenced the instructions on How to configure Squid 3.2 for SSL Bumping and Dynamic SSL Certificate Generation. Make sure to double check any lines that you copy/paste. You don't want to inadvertently mess anything up...