from:"Amit pasari"

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Amit pasari

Dear Walter 
 
I have tried with both SHA1 and SHA256 cert . 


Sent from my iPhone

> On Jun 26, 2018, at 9:43 PM, Walter H.  wrote:
> 
>> On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote:
>> I am using squid in transparent mode . Everything working fine in Firefox 
>> and IE after i have imported the certificate in both the browser  , but in 
>> Chrome 67 version on Windows 10 i am facing the below issue 
>> NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
>> When i open https://facebook.com , https://linkedin.com etc .
>> I am clueless on the same now . 
>> Amit
>> 
> Have you generated a SHA1 or SHA-256 certificate?
> 
> Walter
> 
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Amit Pasari - XS INFOSOL Inc. USA


Dear All,

I am using squid ver.3.5.26  on centos 6.7 with below configuration .

=

http_port 3128  intercept
https_port 3129 intercept ssl-bump generate-host-certificates=on 
dynamic_cert_mem_cache_size=4MB cert=/etc/myssl/public.pem 
capath=/etc/ssl/certs options=NO_SSLv3 key=/etc/myssl/private.pem


ssl_bump peek step1 all
ssl_bump peek step2 serverIsBank
ssl_bump splice step3 serverIsBank
ssl_bump bump all

==

I am using squid in transparent mode . Everything working fine in 
Firefox and IE after i have imported the certificate in both the 
browser  , but in Chrome 67 version on Windows 10 i am facing the below 
issue


NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

When i open https://facebook.com , https://linkedin.com etc .

I am clueless on the same now .

Amit


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Amit Pasari - XS INFOSOL Inc. USA

Let me try the below solution , but if thats the case it shouldn't work 
with other browsers as well  , what i think is chrome is either not 
reading my cert or rejecting it .


Unsure .

Amit

On 6/26/18 10:38 PM, Walter H. wrote:

On 26.06.2018 19:03, Amit pasari wrote:

Dear Walter
I have tried with both SHA1 and SHA256 cert .


Sent from my iPhone

On Jun 26, 2018, at 9:43 PM, Walter H. <mailto:walte...@mathemainzel.info>> wrote:



On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote:


I am using squid in transparent mode . Everything working fine in 
Firefox and IE after i have imported the certificate in both the 
browser  , but in Chrome 67 version on Windows 10 i am facing the 
below issue


NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

When i open https://facebook.com , https://linkedin.com etc .

I am clueless on the same now .

Amit


Have you generated a SHA1 or SHA-256 certificate?

Walter


can you try this:

sslproxy_cert_sign_hash sha256

and use a SHA-256  certificate

Walter



--
XS Infosol
    
*Amit Pasari*
CEO
*XS Infosol Pvt Ltd*

<https://www.facebook.com/XSInfosol.Inc> 
<https://www.linkedin.com/company/xs-infosol-inc-/> 
<https://twitter.com/xsinfosol> <https://plus.google.com/+Xsinfosol/posts0>



*Call* : +91-120-4978080, Extn.101
*Mobile* : +91-9953007901
*Skype Id* : amitpasari
*Mail id* : a...@xsinfosol.com
*Website* : www.xsinfosol.com

<http://www.xsinfosol.com>

<http://www.xsinfosol.com>

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-27 Thread Amit Pasari - XS INFOSOL Inc. USA


On 6/27/18 11:20 PM, Amit Pasari - XS INFOSOL Inc. USA wrote:

Dear Walter ,

I use

sslproxy_cert_sign_hash sha256

and use a SHA-256  certificate

The result is still the same .

"NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM"

Also one more thing , when i open yahoo.com with any of those 
certificates in CHROME , the content of yahoo comes inline i,e without 
any CSS etc ...


One more strange thing i noticed , when i browse using Firefox , 
safari , IE , all URLs are coming in squid/access.log where as when i 
use CHROME only few IPs comes in access logs with CONNECT on 443 .


I also noticed with using CHROME the below type of requests :
POST 
http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs



Amit


On 6/26/18 11:25 PM, Amit Pasari - XS INFOSOL Inc. USA wrote:
Let me try the below solution , but if thats the case it shouldn't 
work with other browsers as well  , what i think is chrome is either 
not reading my cert or rejecting it .


Unsure .

Amit

On 6/26/18 10:38 PM, Walter H. wrote:

On 26.06.2018 19:03, Amit pasari wrote:

Dear Walter
I have tried with both SHA1 and SHA256 cert .


Sent from my iPhone

On Jun 26, 2018, at 9:43 PM, Walter H. <mailto:walte...@mathemainzel.info>> wrote:



On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote:


I am using squid in transparent mode . Everything working fine in 
Firefox and IE after i have imported the certificate in both the 
browser  , but in Chrome 67 version on Windows 10 i am facing the 
below issue


NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

When i open https://facebook.com , https://linkedin.com etc .

I am clueless on the same now .

Amit


Have you generated a SHA1 or SHA-256 certificate?

Walter


can you try this:

sslproxy_cert_sign_hash sha256

and use a SHA-256  certificate

Walter


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Chrome 67 Issue with SSL Bump

[squid-users] Chrome 67 Issue with SSL Bump

Re: [squid-users] Chrome 67 Issue with SSL Bump

Re: [squid-users] Chrome 67 Issue with SSL Bump

4 matches

Site Navigation

Mail list logo

Footer information