[squid-users] Cannot display page correctly with SSL-Bump

Hi, Im trying to get ssl bump work correctly but when i get a site with https then browser display the page with no CSS or javascript. log : 1417149172.053175 192.168.10.10 TAG_NONE/200 0 CONNECT i.ytimg.com:443 - HIER_DIRECT/74.125.130.102 - 1417149172.145194 192.168.10.10 TAG_NONE/200 0

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

Alright, I figured out a possible cause. I downloaded the certificate that the browsers were complaining about, and used openssl verify to verify against the root certificate that I have. I got error 20, indicating that squid must not be using the correct root certificate to generate the client cer

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

Thanks for the reply. I'm aware of pinning, but this problem is happening on small and/or insignificant sites that are certainly not pinned, as well as the larger sites. In addition, our clients are not getting errors due to pinning on our existing proxy setup, so we're doing something correctly th

[squid-users] Minor nit with cachemgr.cgi in 3.5.0.2

Spam detection software, running on the system "master.squid-cache.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content p

Re: [squid-users] Problem with digest authentification and credential backend

> > William to be more clear this patch is not related at all with > authenticate_ttl directive. > authenticate_ttl doesn't works with Digest, but with basic and maybe another > (ntlm, kerberos ?) there is no precision here > http://www.squid-cache.org/Doc/config/authenticate_ttl/ > > The pat

Re: [squid-users] squid 3.5x: Active Directory accounts with space issue

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/11/2014 12:01 a.m., David Touzeau wrote: > Hi > > We have connected 3.5.0.2-20141121-r13666 with Active Directory. It > seems where there are spaces in login account squid use only the > last argument. > > For example for an account "Jhon smith

Re: [squid-users] External ACL with an HTTP reply header format doesn't

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25/11/2014 9:53 a.m., Jorge Iván Burgos Aguilar wrote: > Hi again, > > Solved by using %<{Content-Type} log format instead of the one with > an additional h with it (recommend while running squid -k parse). > Actually is a bug in the code handling

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/11/2014 5:38 a.m., HaxNobody wrote: > Hello, > > We are trying to configure Squid with SSL bump in order to filter > traffic with a content filter. We have an existing self-signed root > certificate and private key that we use successfully with

Re: [squid-users] Transparent proxy with Peek and Splice feature.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/11/2014 7:22 a.m., Vadim Rogoziansky wrote: > Hello All. > > My goal is to do ssl bumping in transparent proxy mode with domain > exclude possibility. Let me tell you about squid's strange > behaviour when I'm trying to do it. > > In browsers