[squid-users] url_rewrite (with rewrite-url): PinnedConnection failure results in total failure

ations to understand the behavior would be much appreciated. Kind regards, Andreas Weigel PS: log excerpt from squid-v4.16 (successful rewrite-url) 2024/06/14 14:46:30.750 kid1| 61,2| /client_side_request.cc(1266) clientRedirectDone: URL-rewriter diverts URL from https://youtube.com/ t

[squid-users] 'Transfer-Encoding: chunked, chunked' rejected by Squid

d encoding. Kind regards, Andreas -- Andreas Weigel UTM Backend Developer Securepoint GmbH Bleckeder Landstraße 28 D-21337 Lüneburg https://www.securepoint.de Geschäftsführer: René Hofmann Amtsgericht Lüneburg HRB 1776 ___ squid-users mailing list s

Re: [squid-users] hostHeaderVerify with SNI in interception environments

Hi again, FWIW, Factory is (slowly) working on an SslBump refactoring project that may address this bug. Thanks, I'll keep an eye on that. Andreas Zitat von Alex Rousskov : On 9/21/21 10:14 AM, Andreas Weigel wrote: Hi, sorry for the late response and the ambiguity in the initial post

Re: [squid-users] hostHeaderVerify with SNI in interception environments

Hi, sorry for the late response and the ambiguity in the initial post. That fact is unrelated to the concern being raised in this thread AFAICT: The concern is _not_ whether Squid verifies the target of the SNI-based CONNECT during step3. The concern is whether Squid verifies the target of the

[squid-users] hostHeaderVerify with SNI in interception environments

Hi, I noticed that squid behaves differently with regard to checking the SNI of a (fake-)Connect request depending on the sslbump step a "splice" is performed. This is more or less a follow-up on " Squid spliced TLS handshake failing with chrome/ium fallback for certain servers". If

Re: [squid-users] Squid spliced TLS handshake failing with chrome/ium fallback for certain servers

ere, though. Andreas Zitat von Alex Rousskov : On 6/9/21 3:29 PM, Andreas Weigel wrote: I stumbled upon a case of someone complaining about a site not being reachable via squid. Squid was running as transparent proxy and splicing TLS connections. Squid reported a TLS handshake error to the cli

Re: [squid-users] Squid spliced TLS handshake failing with chrome/ium fallback for certain servers

Hi Alex, I can only suggest to either fix the Squid bug/limitation or decide to splice during step1 (based on client SNI, etc., before Squid talks to the origin server). don't know why I haven't yet had the idea, but indeed, if I force splicing at step 1 or even 2, the site loads without

[squid-users] Squid spliced TLS handshake failing with chrome/ium fallback for certain servers

Hi everyone, I stumbled upon a case of someone complaining about a site not being reachable via squid. Squid was running as transparent proxy and splicing TLS connections. Squid reported a TLS handshake error to the client (SQUID_ERR_SSL_HANDSHAKE; Handshake with SSL server failed: