[squid-users] SSL handshake

2021-07-27 Thread Vieri
Hi, Just recently I've noticed that LAN clients going through Squid with sslbump are all of a sudden unable to access certain HTTPS sites such as login.yahoo.com. The squid log has lines like: kid1| 4,3| Error.cc(22) update: recent: ERR_SECURE_CONNECT_FAIL/SQUID_ERR_SSL_HANDSHAKE+TLS_LIB_ERR=1

Re: [squid-users] SSL handshake

2021-07-27 Thread Nishant Sharma
On 27/07/21 9:15 pm, Vieri wrote: > > I have not changed anything in the OS so it might be because of change in the > remote web service. > It might be that my openssl version is already too old (1.1.1g), and that the > web site forces the use of an unsupported cypher? I have also observed it o

Re: [squid-users] SSL handshake

2021-07-27 Thread Alex Rousskov
On 7/27/21 11:45 AM, Vieri wrote: > Just recently I've noticed that LAN clients going through Squid with sslbump > are all of a sudden unable to access certain HTTPS sites such as > login.yahoo.com. > The squid log has lines like: > > kid1| 4,3| Error.cc(22) update: recent: > ERR_SECURE_CONNEC

Re: [squid-users] where to put my own rules

2021-07-27 Thread robert k Wild
Thanks Amos On Tue, 27 Jul 2021, 13:57 , wrote: > On 2021-07-28 00:25, robert k Wild wrote: > > is it best to put my "ssl bump" and "no ssl interception" rules under > > > > # Recommended minimum Access Permission configuration: > > > > or > > > > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS F

Re: [squid-users] where to put my own rules

2021-07-27 Thread squid3
On 2021-07-28 00:25, robert k Wild wrote: is it best to put my "ssl bump" and "no ssl interception" rules under # Recommended minimum Access Permission configuration: or # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS Both of the above comments are about the ordering of htt

[squid-users] where to put my own rules

2021-07-27 Thread robert k Wild
is it best to put my "ssl bump" and "no ssl interception" rules under # Recommended minimum Access Permission configuration: or # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #SSL Bump http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificat

Re: [squid-users] Parent Proxy and direct traffic

2021-07-27 Thread squid3
On 2021-07-26 23:05, jens.altrock wrote: Hi! I got a little problem: We have a proxy server that should route special requests to a parent proxy and forward the rest to the standard gateway. I haven't found any suitable and working configurations, so I'm asking here for help. You appear to no

Re: [squid-users] ICAP latency information, Bench-marking

2021-07-27 Thread squid3
On 2021-07-27 21:27, Jason Spashett wrote: If you look at the squid logformat page you can find various additional logging options available to start with, such as ICAP processing time. This is a good place to start if you are not using a custom format already: http://www.squid-cache.org/Doc/conf

Re: [squid-users] ICAP latency information, Bench-marking

2021-07-27 Thread Jason Spashett
If you look at the squid logformat page you can find various additional logging options available to start with, such as ICAP processing time. This is a good place to start if you are not using a custom format already: http://www.squid-cache.org/Doc/config/logformat/ e.g. squid_status=NONE_NONE:H