From the squid.conf.documented:
# SSL Bump Mode Options:
# In addition to these options ssl-bump requires TLS/SSL
options.
#
# generate-host-certificates[=]
# Dynamically create SSL server certificates for
the
# destination hosts
From the docs:
# none
# Become a TCP tunnel without decoding the connection.
# Works with both CONNECT requests and intercepted SSL
# connections. This is the default behavior when no
# ssl_bump option is given or no ssl_bump ACLs m
ss for these
> domains IPs or something else which is creative enough for it to work.
>
> Eliezer
>
> On 04/26/2014 06:29 PM, James Lay wrote:
> > acl broken_sites dstdomain .textnow.me
> > acl broken_sites dstdomain .akamaiedge.net
> > acl broken_sites dstdomain
On 2014-06-20 09:10, ama...@tin.it wrote:
I had configured
/etc/security/limits.conf
squid softnofile
16384
squid hardnofile 16384
rootsoftnofile 16384
roothardnofile 16384
but to resolve the problem I have to add
into /et/init.d/squid
#set fildedescriptor
set -
Topic pretty much says it...most sites work fine using my below set up,
but some (Apple's app store) do not. I'm wondering if cert pinning is
the issue? Since this set up is basically two separate sessions, I
packet captured both. The side the I have control over gives me a TLS
Record Layer Aler
0.0/12.
>
> Good luck
>
> On 30 Jun 2014, at 10:38 pm, James Lay wrote:
>
> > Topic pretty much says it...most sites work fine using my below set up,
> > but some (Apple's app store) do not. I'm wondering if cert pinning is
> > the issue? Since this se
Good morning List Troll!
Please don't peddle your (subscription fee based no less...yugh)
garbage off listor heck ON list for that matter. Squid-users admin,
kindly nuke/destroy/delete/erase the below...thank you.
James
Original Message
Subject: Squidblacklist.org - A
, James Lay
wrote:
On Mon, 2014-06-30 at 22:56 +1000, Dan Charlesworth wrote:
Yeah, pinned SSL ‘aint gonna be bumped. The Twitter apps are
another popular one that use pinning.
As far as your broken_sites ACL goes, you can’t use `dstdomain`
because the only thing Squid can see of the
0.0/12.
>
> Good luck
>
> On 30 Jun 2014, at 10:38 pm, James Lay wrote:
>
> > Topic pretty much says it...most sites work fine using my below set up,
> > but some (Apple's app store) do not. I'm wondering if cert pinning is
> > the issue? Since this se
On 2014-06-30 20:21, James Lay wrote:
On Mon, 2014-06-30 at 22:56 +1000, Dan Charlesworth wrote:
Yeah, pinned SSL ‘aint gonna be bumped. The Twitter apps are another
popular one that use pinning.
As far as your broken_sites ACL goes, you can’t use `dstdomain`
because the only thing Squid can
On 2014-07-11 10:14, Alex Rousskov wrote:
On 07/11/2014 05:43 AM, James Harper wrote:
Is it possible for squid to intercept and apply acl's to https
without actually decrypting and generating certificates etc? The
conversation would go something like:
. Client makes connection to IP 1.2.3.4
On 2014-07-11 15:05, Alex Rousskov wrote:
On 07/11/2014 10:18 AM, James Lay wrote:
On 2014-07-11 10:14, Alex Rousskov wrote:
On 07/11/2014 05:43 AM, James Harper wrote:
Is it possible for squid to intercept and apply acl's to https
without actually decrypting and generating certificate
> > Alex.
>
> Ok last questionwho do I get compile bugs to:
>
> make[3]: Entering directory
> `/home/jlay/peek-splice/peek-and-splice/src/acl'
> /bin/bash ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H
> -I../.. -I../../include -I../../lib -I../../src -I../../include
> -Wall -W
On Mon, 2014-07-14 at 19:23 +0100, Edwin Marqe wrote:
> Hi Eliezer,
>
> I understand that, but this is pretty much the point of my e-mail. In
> my company we don't work with servers installed physically here,
> instead, we rent servers to a company. We use 2 nameservers for our
> clients, and the
On Mon, 2014-09-01 at 18:51 +0530, Santosh Bhabal wrote:
> Yes :)
>
> Regards
> Santosh
>
>
>
> On Mon, Sep 1, 2014 at 6:50 PM, Antony Stone
> wrote:
> > On Monday 01 September 2014 at 15:17:58 (EU time), Santosh Bhabal wrote:
> >
> >> Yes, './configure --prefix=/usr/local/squid' command succe
15 matches
Mail list logo