sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

SSLProxy "Client-side BEV_EVENT_ERROR" problem in FreeBSD #28

Closed BSN32 closed 1 year ago

BSN32 commented 3 years ago

Hi, I have installed and configured SSLproxy v0.8.3 (built 2021-05-05) on FreeBSD 11.2 and FreeBSD 13.0 RELEASE versions according to the sslproxy FreeBSD man page instructions. I have also imported ca.crt into my Firefox browser, but I could not run sslproxy. Any help would be appreciated.

My PF and IPFW configs are here:

######## IPFW RULES ##########

ipfw -q -f flush

ipfw -q add 1 allow all from any to any out via lo0
ipfw -q add 2 allow all from any to any in via lo0

# Redirect LAN HTTPS traffic to the sslproxy "https" ProxySpec listener on 127.0.0.1:8443
ipfw -q add 3 fwd 127.0.0.1,8443 tcp from 192.168.2.0/24 to any 443

ipfw -q add 65534 allow ip from any to any

######## PF RULES ##########

int_if = "em1"
ext_if = "em0"
int_net = "192.168.2.0/24"

set loginterface em0

# Do not skip lo, we have rules for lo conns
#set skip on lo

#openbsd's pf rule# scrub in (no-df)
scrub in log all

nat on em0 from { !em0 } to any -> (em0)

pass out quick on lo0 from any to any
pass in quick on lo0 from any to any

pass in quick on em1 proto { tcp udp } from any to any port 53
pass in quick on em0 proto { tcp udp } from any to any port 53

Output of sslproxy -V:

root@host:~ # sslproxy -V
SSLproxy v0.8.3 (built 2021-05-05)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_IPFILTER -DHAVE_IPFW -DHAVE_PF -DWITHOUT_USERAUTH
NAT engines: pf* ipfw ipfilter
ipfilter: version 5010200
Local process info support: yes (FreeBSD sysctl)
compiled against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
rtlinked against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: ssl3 tls10 tls11 tls12 
SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
4 CPU cores detected

Output of uname -a:

root@host:~ # uname -a
FreeBSD host 11.2-RELEASE-p14 FreeBSD 11.2-RELEASE-p14 #0: Mon Aug 19 22:38:50 UTC 2019 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

Exact command line arguments used to run sslproxy:

`root@host:~ # /usr/local/bin/sslproxy -f /etc/sslproxy/sslproxy.conf -D`
SSLproxy v0.8.3 (built 2021-05-05)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_IPFILTER -DHAVE_IPFW -DHAVE_PF -DWITHOUT_USERAUTH
NAT engines: pf* ipfw ipfilter
ipfilter: version 5010200
Local process info support: yes (FreeBSD sysctl)
compiled against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
rtlinked against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: ssl3 tls10 tls11 tls12 
SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
4 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global SSL/TLS protocol: negotiate
proxyspecs:
- listen=[127.0.0.1]:8466 tcp|autossl pf
parent dst addr= [127.0.0.1]:9199
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8465 ssl|smtp pf
parent dst addr= [127.0.0.1]:9199
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8464 tcp|smtp pf
parent dst addr= [127.0.0.1]:9199
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8995 ssl|pop3 pf
parent dst addr= [127.0.0.1]:8110
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8994 tcp|pop3 pf
parent dst addr= [127.0.0.1]:8110
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8443 ssl|http pf
parent dst addr= [127.0.0.1]:8080
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8081 tcp|http pf
parent dst addr= [127.0.0.1]:8080
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
Loaded CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
NAT engine preinit 'pf'
Privsep fastpath disabled
Created self-pipe [r=6,w=7]
Created chld-pipe [r=8,w=9]
Created socketpair 0 [p=10,c=11]
Created socketpair 1 [p=12,c=13]
Created socketpair 2 [p=14,c=15]
Created socketpair 3 [p=16,c=17]
Created socketpair 4 [p=18,c=19]
Created socketpair 5 [p=20,c=21]
Privsep parent pid 35042
NAT engine fini 'pf'
Privsep child pid 35056
Using libevent backend 'kqueue'
Event base supports: edge yes, O(1) yes, anyfd yes
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 10
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 18
Received privsep req type 00 sz 1 on srvsock 20
NAT engine init 'pf'
Inserted events:
  0x802e1d6b8 [fd  6] Read Persist
  0x802e1d778 [fd  7] Read Persist
  0x802e1d838 [fd  8] Read Persist
  0x802e1d8f8 [fd  9] Read Persist
  0x802e1d9b8 [fd  10] Read Persist
  0x802e1da78 [fd  12] Read Persist
  0x802e1db38 [fd  14] Read Persist
  0x802e15c80 [sig 1] Signal Persist
  0x802e1f000 [sig 2] Signal Persist
  0x802e15c00 [sig 3] Signal Persist
  0x802e1f080 [sig 13] Signal Persist
  0x802e1f100 [sig 15] Signal Persist
  0x802e1f180 [sig 30] Signal Persist
  0x802e15f80 [fd  -1] Persist Timeout=1623323253.908584
Active events:
Initialized 8 connection handling threads
Started 8 connection handling threads
Starting main event loop.
SNI peek: [web.whatsapp.com] [complete], fd=22
Connecting to [157.240.9.53]:443
STATS: thr=2, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=1, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=4, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=3, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=6, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=0, mld=1, mfd=24, mat=9, mct=9, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=5, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
SNI peek: [push.services.mozilla.com] [complete], fd=25
Connecting to [44.237.185.119]:443
SNI peek: [www.google.com] [complete], fd=28
Connecting to [142.250.187.164]:443
SNI peek: [www.google.com] [complete], fd=30
Connecting to [142.250.187.164]:443
SNI peek: [www.google.com] [complete], fd=33
Connecting to [142.250.187.164]:443
SNI peek: [www.google.com] [complete], fd=36
Connecting to [142.250.187.164]:443
STATS: thr=5, mld=1, mfd=39, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=6, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=1, mld=1, mfd=27, mat=7, mct=8, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=2, mld=1, mfd=32, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=3, mld=1, mfd=35, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=4, mld=1, mfd=38, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
IDLE: atime=19, ctime=19, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=19, mct=19, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
SNI peek: [www.sozcu.com.tr] [complete], fd=40
Connecting to [35.244.160.147]:443
IDLE: atime=29, ctime=29, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=29, mct=29, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=17, ctime=18, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=17, mct=18, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=3, mld=1, mfd=35, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
STATS: thr=5, mld=1, mfd=39, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=4, mld=1, mfd=38, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=6, mld=1, mfd=42, mat=9, mct=9, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
STATS: thr=5, mld=1, mfd=39, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=19, ctime=19, src_addr=192.168.2.25:45776, dst_addr=-:-, valid=0
STATS: thr=6, mld=1, mfd=42, mat=19, mct=19, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=39, ctime=39, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=39, mct=39, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
STATS: thr=3, mld=1, mfd=35, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=27, ctime=28, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=27, mct=28, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
STATS: thr=4, mld=1, mfd=38, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=49, ctime=49, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=49, mct=49, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=37, ctime=38, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=37, mct=38, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
STATS: thr=3, mld=1, mfd=35, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
STATS: thr=5, mld=1, mfd=39, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
STATS: thr=4, mld=1, mfd=38, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=29, ctime=29, src_addr=192.168.2.25:45776, dst_addr=-:-, valid=0
STATS: thr=6, mld=1, mfd=42, mat=29, mct=29, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
SNI peek: [github.com] [complete], fd=43
Connecting to [140.82.121.3]:443
Garbage collecting caches started.
Garbage collecting caches done.
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=47, ctime=48, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
IDLE: atime=59, ctime=59, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
IDLE: atime=39, ctime=39, src_addr=192.168.2.25:45776, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=59, mct=59, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
STATS: thr=6, mld=1, mfd=42, mat=39, mct=39, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=47, mct=48, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
STATS: thr=4, mld=1, mfd=38, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
STATS: thr=3, mld=1, mfd=35, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
STATS: thr=7, mld=1, mfd=45, mat=6, mct=6, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
STATS: thr=5, mld=1, mfd=39, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5

sslproxy.conf:

# Sample configuration for sslproxy v0.8.3
#
# Use the -f command line option to start sslproxy with a config file.
# See sslproxy.conf(5) and sslproxy(1) for documentation.

# Use CA cert (and key) to sign forged certs.
# Equivalent to -c command line option.
CACert /etc/sslproxy/ca.crt

# Use CA key (and cert) to sign forged certs.
# Equivalent to -k command line option.
CAKey /etc/sslproxy/ca.key

# Use cert from pemfile when destination requests client certs.
# Equivalent to -a command line option.
#ClientCert /etc/sslproxy/client.crt

# Use key from pemfile when destination requests client certs.
# Equivalent to -b command line option.
#ClientKey /etc/sslproxy/client.key

# Use CA chain from pemfile (intermediate and root CA certs).
# Equivalent to -C command line option.
#CAChain /etc/sslproxy/chain.crt

# Use key from pemfile for leaf certs.
# Equivalent to -K command line option.
# (default: generate)
#LeafKey /etc/sslproxy/leaf.key

# Use URL as CRL distribution point for all forged certs.
# Equivalent to -q command line option.
#LeafCRLURL http://example.com/example.crl

# Use cert+chain+key PEM files from certdir to target all sites matching the
# common names (non-matching: generate if CA).
# Equivalent to -t command line option.
#LeafCertDir /etc/sslproxy/leaf.d

# Use cert+chain+key from PEM file instead of generating leaf keys on the fly.
# Equivalent to -A command line option.
#DefaultLeafCert /etc/sslproxy/leaf.pem

# Write leaf key and only generated certificates to gendir.
# Equivalent to -w command line option.
#WriteGenCertsDir /var/log/sslproxy

# Write leaf key and all certificates to gendir.
# Equivalent to -W command line option.
#WriteAllCertsDir /var/log/sslproxy

# Deny all OCSP requests on all proxyspecs.
# Equivalent to -O command line option.
#DenyOCSP yes

# Passthrough SSL connections if they cannot be split because of client cert 
# auth or no matching cert and no CA.
# Equivalent to -P command line option.
# (default: drop)
Passthrough yes

# Use DH group params from pemfile.
# Equivalent to -g command line option.
# (default: keyfiles or auto)
#DHGroupParams /etc/sslproxy/dh.pem

# Use ECDH named curve.
# Equivalent to -G command line option.
# (default: prime256v1)
#ECDHCurve prime256v1

# Enable/disable SSL/TLS compression on all connections.
# Equivalent to -Z command line option.
#SSLCompression no

# Force SSL/TLS protocol version only.
# Equivalent to -r command line option.
# (default: all)
#ForceSSLProto tls12

# Disable SSL/TLS protocol version.
# Equivalent to -R command line option.
# (default: none)
#DisableSSLProto tls10

# Min SSL/TLS protocol version.
# (default: tls10)
#MinSSLProto tls10

# Max SSL/TLS protocol version.
# (default: tls12 or tls13, depending on the version of SSL library)
#MaxSSLProto tls13

# Use the given OpenSSL ciphers spec.
# Equivalent to -s command line option.
# (default: ALL:-aNULL)
Ciphers ALL:!RC4

# Use the given OpenSSL ciphersuites spec.
# The ciphersuites spec is for TLS 1.3.
# Equivalent to -U command line option.
# (default: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256)
#CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

# Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
# (default: 2048)
LeafKeyRSABits 2048

# OpenSSL engine to activate, either ID or full path to shared library
# Equivalent to -x command line option
#OpenSSLEngine cloudhsm

# Specify default NAT engine to use.
# Equivalent to -e command line option.
NATEngine pf

# Drop privileges to user.
# Equivalent to -u command line option.
# (default: nobody, if run as root)
#User _sslproxy

# Drop privileges to group.
# Equivalent to -m command line option.
# (default: primary group of user)
#Group _sslproxy

# chroot() to jaildir (impacts sni proxyspecs, see sslproxy(1)).
# Equivalent to -j command line option.
#Chroot /var/run/sslproxy

# Write pid to file.
# Equivalent to -p command line option.
# (default: no pid file)
PidFile /var/run/sslproxy.pid

# Connect log: log one line summary per connection to logfile.
# Equivalent to -l command line option.
#ConnectLog /var/log/sslproxy/connect.log

# Content log: full data to file or named pipe
# (excludes ContentLogDir/ContentLogPathSpec).
# Equivalent to -L command line option.
ContentLog /var/log/sslproxy/content.log

# Content log: full data to separate files in dir
# (excludes ContentLog/ContentLogPathSpec).
# Equivalent to -S command line option.
#ContentLogDir /var/log/sslproxy/content

# Content log: full data to sep files with % subst
# (excludes ContentLog/ContentLogDir).
# Equivalent to -F command line option.
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log

# Look up local process owning each connection for logging.
# Equivalent to -i command line option.
#LogProcInfo yes

# Pcap log: packets to pcapfile (excludes PcapLogDir/PcapLogPathSpec).
# Equivalent to -X command line option.
#PcapLog /var/log/sslproxy/content.pcap

# Pcap log: packets to separate files in dir
# (excludes PcapLog/PcapLogPathSpec).
# Equivalent to -Y command line option.
#PcapLogDir /var/log/sslproxy/pcap

# Pcap log: packets to sep files with % subst (excludes PcapLog/PcapLogDir).
# Equivalent to -y command line option.
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap

# Mirror packets to interface.
# Equivalent to -I command line option.
#MirrorIf lo

# Mirror packets to target address (used with MirrorIf).
# Equivalent to -T command line option. Leave commented if the target is
# irrelevant (e.g. mirror to dummy device)
#MirrorTarget 192.0.2.1

# Log master keys to logfile in SSLKEYLOGFILE format.
# Equivalent to -M command line option.
#MasterKeyLog /var/log/sslproxy/masterkeys.log

# Daemon mode: run in background, log error messages to syslog.
# Equivalent to -d command line option.
Daemon no

# Debug mode: run in foreground, log debug messages on stderr.
# Equivalent to -D command line option.
#Debug yes

# Verbose debug level
#DebugLevel 4

# Close connections after this many seconds of idle time
ConnIdleTimeout 120

# Check for expired connections every this many seconds
ExpiredConnCheckPeriod 10

# Log statistics to syslog
# Equivalent to -J command line option.
LogStats yes

# Log statistics every this many ExpiredConnCheckPeriod periods
StatsPeriod 1

# Remove HTTP header line for Accept-Encoding
RemoveHTTPAcceptEncoding no

# Remove HTTP header line for Referer
RemoveHTTPReferer yes

# Verify peer using default certificates
VerifyPeer yes

# When disabled, never add the SNI to forged certificates, even if the SNI
# provided by the client does not match the server certificate's CN/SAN.
# Helps pass the wrong.host test at https://badssl.com.
AllowWrongHost no

# Require authentication for users to use SSLproxy
#UserAuth yes

# Path to user db file
#UserDBPath /var/db/users.db

# Time users out after this many seconds of idle time
#UserTimeout 300

# Redirect URL for users to log in to the system
#UserAuthURL https://192.168.8.1/userdblogin.php

# Comma separated list of users diverted by all proxyspecs
# Connections from these users are diverted to listening programs.
# Users not listed in DivertUsers or PassUsers are blocked.
# Max of 50 users can be listed.
#DivertUsers utmfw

# Comma separated list of users passed through by all proxyspecs
# Connections from these users are simply passed through to their original destinations,
# not diverted to listening programs.
# Users not listed in DivertUsers or PassUsers are blocked.
# Max of 50 users can be listed.
#PassUsers admin

# Validate proxy spec protocols
ValidateProto yes

# Max HTTP header size in bytes for protocol validation
MaxHTTPHeaderSize 8192

# Set open files limit, use 50-10000
OpenFilesLimit 1024

# Proxy specifications
# type listenaddr+port up:utmport ua:utmaddr ra:returnaddr
#ProxySpec https 127.0.0.1 8443 up:8080 [ua:127.0.0.1 ra:127.0.0.1]
ProxySpec http 127.0.0.1 8081 up:8080
ProxySpec https 127.0.0.1 8443 up:8080
ProxySpec pop3 127.0.0.1 8994 up:8110
ProxySpec pop3s 127.0.0.1 8995 up:8110
ProxySpec smtp 127.0.0.1 8464 up:9199
ProxySpec smtps 127.0.0.1 8465 up:9199
ProxySpec autossl 127.0.0.1 8466 up:9199

# Passthrough sites
# site [(clientaddr|(user|*) [description keyword])]
#PassSite example.com
#PassSite example.com 192.168.0.1
#PassSite example.com soner
#PassSite *.google.com * android

Output of ps aux | grep sslproxy:

root@host:/etc # ps aux | grep sslproxy
nobody         1526  27.2  0.4   55716   15876  0  S+   10:47     0:00.36 sslproxy -k ca.key -c ca.crt -l connect.log https 127.0.0.1 8443 up:8080
root           1472   2.2  0.2   38048    8832  0  S+   10:47     0:00.61 sslproxy -k ca.key -c ca.crt -l connect.log https 127.0.0.1 8443 up:8080
root           1731   0.0  0.1   14796    2508  1  S+   10:47     0:00.00 grep sslproxy
sonertari commented 3 years ago

First things first: since you don't mention any listening program or its configuration, I guess you are not running one. You need a listening program for sslproxy to divert the packets to. For example, you can use lp under the tests/testproxy folder. Please see the diagram in the README to understand the mode of operation required by SSLproxy. Also, see the UTMFW project for configuration files and working examples.
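To make the maintainer's point concrete, here is a minimal listening program of the kind the reply asks for, written as an added example for this page (it is not SSLproxy's own lp from tests/testproxy, and nothing in it comes from the issue above beyond the up:8080 port and the 192.168.2.25 / 157.240.9.53 addresses used as sample data). It assumes the framing SSLproxy's README documents for diverted connections: the first bytes of each connection carry a line like `SSLproxy: [127.0.0.1]:34649,[192.168.3.24]:47286,[74.125.206.108]:443,s`, whose first address is the SSLproxy socket the listening program must connect back to, followed by the original source and destination and an `s`/`p` flag for TLS or plain. The program parses that line, connects back, and relays bytes in both directions; the `loopback_demo()` function stands in for SSLproxy on localhost so the whole path can be exercised without pf or ipfw rules.

```python
"""Minimal SSLproxy-style listening program (added example, not the project's lp)."""
import re
import select
import socket
import threading

# Assumed header format (from SSLproxy's README, not from this issue):
#   SSLproxy: [ret_ip]:ret_port,[src_ip]:src_port,[dst_ip]:dst_port,(s|p)\r\n
HEADER_RE = re.compile(
    rb"^SSLproxy: \[([^\]]+)\]:(\d+),\[([^\]]+)\]:(\d+),\[([^\]]+)\]:(\d+),([sp])\r?\n"
)


def parse_sslproxy_header(data: bytes):
    """Return (return_addr, src_addr, dst_addr, is_tls, remaining_bytes) or None."""
    m = HEADER_RE.match(data)
    if not m:
        return None
    ret = (m.group(1).decode(), int(m.group(2)))
    src = (m.group(3).decode(), int(m.group(4)))
    dst = (m.group(5).decode(), int(m.group(6)))
    return ret, src, dst, m.group(7) == b"s", data[m.end():]


def read_header(conn: socket.socket, limit: int = 4096) -> bytes:
    """Read until the end of the first line; bytes after it are payload."""
    buf = b""
    while b"\n" not in buf and len(buf) < limit:
        chunk = conn.recv(limit - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def relay(a: socket.socket, b: socket.socket) -> None:
    """Copy bytes both ways; half-close the peer when one side hits EOF."""
    peer = {a: b, b: a}
    open_sides = [a, b]
    while open_sides:
        readable, _, _ = select.select(open_sides, [], [], 5.0)
        if not readable:
            return  # idle timeout for this demo
        for s in readable:
            data = s.recv(65536)
            if data:
                peer[s].sendall(data)
            else:
                open_sides.remove(s)
                try:
                    peer[s].shutdown(socket.SHUT_WR)
                except OSError:
                    pass


def handle(conn: socket.socket) -> None:
    """Serve one diverted connection: parse header, connect back, relay."""
    with conn:
        parsed = parse_sslproxy_header(read_header(conn))
        if parsed is None:
            return  # not framed by SSLproxy; drop it
        ret, _src, _dst, _is_tls, rest = parsed
        # A real UTM service would inspect or rewrite the decrypted stream here.
        with socket.create_connection(ret, timeout=5) as back:
            back.settimeout(None)
            if rest:
                back.sendall(rest)  # payload that arrived with the header line
            relay(conn, back)


def serve(listen_addr=("127.0.0.1", 8080), ready=None, once=False) -> None:
    """Accept loop; 127.0.0.1:8080 matches the up:8080 ProxySpec in the issue."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    if ready is not None:
        ready(srv.getsockname())
    with srv:
        while True:
            conn, _ = srv.accept()
            if once:
                handle(conn)
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()


def loopback_demo() -> bytes:
    """Stand in for SSLproxy on loopback: the return side echoes upper-cased bytes."""
    ret_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ret_srv.bind(("127.0.0.1", 0))
    ret_srv.listen(1)

    def ret_side():  # fake SSLproxy return socket
        c, _ = ret_srv.accept()
        with c:
            data = b""
            while True:
                chunk = c.recv(65536)
                if not chunk:
                    break
                data += chunk
            c.sendall(data.upper())

    threading.Thread(target=ret_side, daemon=True).start()
    ret_ip, ret_port = ret_srv.getsockname()
    lp_addr, evt = {}, threading.Event()

    def ready(addr):
        lp_addr["a"] = addr
        evt.set()

    threading.Thread(target=serve, args=(("127.0.0.1", 0), ready, True), daemon=True).start()
    evt.wait(5)
    # Constructed header using addresses from the issue's log as sample data.
    header = b"SSLproxy: [%s]:%d,[192.168.2.25]:56636,[157.240.9.53]:443,s\r\n" % (ret_ip.encode(), ret_port)
    out = b""
    with socket.create_connection(lp_addr["a"], timeout=5) as cli:
        cli.sendall(header + b"GET / HTTP/1.1\r\nHost: web.whatsapp.com\r\n\r\n")
        cli.shutdown(socket.SHUT_WR)
        while True:
            chunk = cli.recv(65536)
            if not chunk:
                break
            out += chunk
    ret_srv.close()
    return out


if __name__ == "__main__":
    print(loopback_demo())
    serve()
```

Run it as a script to see the loopback round trip, then leave it listening on 127.0.0.1:8080 while starting sslproxy with the config from the issue; the `handle()` function is where a real inspection service would look at the decrypted bytes before passing them back to SSLproxy.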