Re: [squid-users] Is there a way on client to show proxy's certificate?

2019-12-23 Thread Amos Jeffries
On 24/12/19 3:47 pm, GeorgeShen wrote:
>
>
>> No. You receive a server cert and the CA chain required to validate that
>> server cert.
>>
>> Stop thinking of certs as belonging to the proxy. It seems to be
>> confusing you. All 3 certs can be called "the proxy's certs" and yet
>> none of them is

Re: [squid-users] Is there a way on client to show proxy's certificate?

2019-12-23 Thread GeorgeShen
>That is saying the "ssl-bump" flag requires "intercept" on that port
>directive.
>
>SSL-Bump is intercepting the TLS layer. It makes no sense for a client
>to explicitly open TCP connections to Squid when trying to perform TLS
>with a different server elsewhere.

but my proxy's purpose is to do

Re: [squid-users] Is there a way on client to show proxy's certificate?

2019-12-23 Thread GeorgeShen
>No. You receive a server cert and the CA chain required to validate that
>server cert.
>
>Stop thinking of certs as belonging to the proxy. It seems to be
>confusing you. All 3 certs can be called "the proxy's certs" and yet
>none of them is a "proxy cert" in TLS definitions.

Amos, but those

Re: [squid-users] Is there a way on client to show proxy's certificate?

2019-12-23 Thread Amos Jeffries
On 24/12/19 7:55 am, GeorgeShen wrote:
>
>>> actually doing "openssl s_client -proxy 192.168.1.35:3129 -connect
>>> -showcerts ",
>>> noticed two of the three certs from that display is from the proxy server I think. the first one
>>> is the modified host cert. maybe that's the way to

Re: [squid-users] Is there a way on client to show proxy's certificate?

2019-12-23 Thread GeorgeShen
>> actually doing "openssl s_client -proxy 192.168.1.35:3129 -connect
>> -showcerts ",
>> noticed two of the three certs from that display is from the proxy server I think. the first one
>> is the modified host cert. maybe that's the way to get proxy server's
>> certs.
>>
>You are using

Re: [squid-users] squid log response time %6tr or %tr ?

2019-12-23 Thread Alex Rousskov
On 12/22/19 5:53 AM, Ahmad Alzaeem wrote:
> I'm confused on why default response time configured as %6tr not %tr

Many Squid developers look at raw access logs. I suspect early Squid developers wanted to first (or "left") access.log fields at a semi-fixed position. Making most response time

Re: [squid-users] c-icap documentation getting stuck

2019-12-23 Thread Vieri Di Paola
On Sat, Dec 21, 2019 at 7:42 PM robert k Wild wrote:
>
> WARNING Bad configuration keyword: enable_libarchive 0
> WARNING Bad configuration keyword: banmaxsize 2M

You're probably running an outdated squidclamav.

Re: [squid-users] Is there a way on client to show proxy's certificate?

2019-12-23 Thread Amos Jeffries
On 23/12/19 7:26 pm, GeorgeShen wrote:
>> this is http port, speaking http. This is not a https port, so you can't
>> speak https to it. The difference between 3128 and 3129 is, when you issue
>> CONNECT request to 3129, squid tries to communicate using SSL as if it was
>> the destination server