Re: [squid-users] Squid 5.1 for Debian Bullseye (amd64/i386/sources)

> -Oorspronkelijk bericht- > Van: squid-users > [mailto:squid-users-boun...@lists.squid-cache.org] Namens > Amos Jeffries > Verzonden: maandag 20 september 2021 23:48 > Aan: squid-users@lists.squid-cache.org > Onderwerp: Re: [squid-users] Squid 5.1 for Debian Bullseye >

Re: [squid-users] hostHeaderVerify with SNI in interception environments

Hi again, FWIW, Factory is (slowly) working on an SslBump refactoring project that may address this bug. Thanks, I'll keep an eye on that. Andreas Zitat von Alex Rousskov : On 9/21/21 10:14 AM, Andreas Weigel wrote: Hi, sorry for the late response and the ambiguity in the initial post.

Re: [squid-users] hostHeaderVerify with SNI in interception environments

Hi, sorry for the late response and the ambiguity in the initial post. That fact is unrelated to the concern being raised in this thread AFAICT: The concern is _not_ whether Squid verifies the target of the SNI-based CONNECT during step3. The concern is whether Squid verifies the target of the

Re: [squid-users] hostHeaderVerify with SNI in interception environments

On 9/21/21 10:14 AM, Andreas Weigel wrote: > Hi, > > sorry for the late response and the ambiguity in the initial post. > >> That fact is unrelated to the concern being raised in this thread >> AFAICT: The concern is _not_ whether Squid verifies the target of the >> SNI-based CONNECT during

Re: [squid-users] got many messages after upgrade from 4.16 to 5.1: assertion failed: Transients.cc:221: "old == e"

On 9/21/21 2:31 AM, Dieter Bloms wrote: > I did an upgrade from squid 4.16 and got many messages like: assertion > failed: Transients.cc:221: "old == e" > and it seems, that the childs crash and restart: > > --snip-- > 2021/09/20 04:37:47 kid2| assertion failed: Transients.cc:221: "old == e" >

Re: [squid-users] squid 5.1: Kerberos: Unable to switch to basic auth with Edge - IE - Chrome

What i showed used kerberos, if that fails it used ntlm.. and you can add.. if that fails use LDAP (basic auth) ..  This way, you support all of them. if you going only for kerberos, that make sure you setup your krb5.conf correctly.. A + PTR records, SPN/UPNs and yes, then you can run it

Re: [squid-users] squid 5.1: Kerberos: Unable to switch to basic auth with Edge - IE - Chrome

in your smb.conf add # Added to enforced NTLM 2, must be set on all Samba AD-DC's and the needed members. # This is used in combination with ntlm_auth --allow-mschapv2 ntlm auth = mschapv2-and-ntlmv2-only In squid use: auth_param negotiate program

[squid-users] got many messages after upgrade from 4.16 to 5.1: assertion failed: Transients.cc:221: "old == e"

Hello, I did an upgrade from squid 4.16 and got many messages like: assertion failed: Transients.cc:221: "old == e" and it seems, that the childs crash and restart: --snip-- 2021/09/20 04:37:47 kid2| assertion failed: Transients.cc:221: "old == e" current master transaction: master368193

Re: [squid-users] squid 5.1: Kerberos: Unable to switch to basic auth with Edge - IE - Chrome

Thanks amos !! I think auth_schemes can be a workaround. I will try it ! Le 21/09/2021 à 02:49, Amos Jeffries a écrit : On 21/09/21 11:49 am, David Touzeau wrote: When edge, chrome and IE try to establish a session, Squid claim 2021/09/21 01:17:27 kid1| ERROR: Negotiate Authentication

Re: [squid-users] squid 5.1: Kerberos: Unable to switch to basic auth with Edge - IE - Chrome

Thanks Louis for this tips but we did not want to use NTLM as it is an old way. It requires a samba on the Squid Box As Amos said, this is most a browser (that using Microsoft API ) issue The best way is to make these browsers replicating the correct Firefox behavior. Means swith to basic