Re: [squid-users] Question about my SSL test

2016-02-09 Thread dweimer
On 2016-02-09 7:38 am, sebastien.boulia...@cpu.ca wrote: Hi, I did a SSL test and I have some questions. The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and vulnerable. Is it a way to block that with Squid ? How can I disable thosed protocols ? Server side or Squid side ?

Re: [squid-users] How to change the timezone for Squid ?

2016-02-08 Thread dweimer
On 2016-02-08 10:07 am, sebastien.boulia...@cpu.ca wrote: > Hi Yuri, > > Thanks for your support. > > I use Squid on a Oracle Linux 7. > > date > > Mon Feb 8 09:51:27 EST 2016 > > My timezone look ok with the date command. > > Sébastien > > DE : squid-users [mailto:squid-users-boun.

Re: [squid-users] squid reverse proxy infront of exchange 2010

2015-12-11 Thread dweimer
On 2015-12-10 10:29 pm, Alex Samad wrote: Hi I did the change over today. Tested with Window 7 + exchange 2010 and it wouldn't connect whilst there was no tls1 ! interesting IE worked against the web site so .. Did you come across this issues ? On 11 December 2015 at 11:09, dw

Re: [squid-users] squid reverse proxy infront of exchange 2010

2015-12-10 Thread dweimer
On 2015-12-10 4:24 pm, Alex Samad wrote: Hi Answer my own question http://www.squid-cache.org/Versions/v3/3.5/cfgman/http_port.html seems like there is a no-vhost, I presume vhost turns it on On 11 December 2015 at 09:23, Alex Samad wrote: Hi On 10 December 2015 at 23:44, dweimer wrote

Re: [squid-users] squid reverse proxy infront of exchange 2010

2015-12-10 Thread dweimer
On 2015-12-09 11:29 pm, Alex Samad wrote: Hi config https_port 22.4.2.5:443 accel cert=/etc/httpd/conf.d/office.abc.com.crt key=/etc/httpd/conf.d/office.abc.com.key defaultsite=office.abc.com options=NO_SSLv2,NO_SSLv3 dhparams=/etc/squid/squid-office-dhparams.pem cipher=ECDHE-RSA-AES128-GCM-SHA2

Re: [squid-users] Squid 3.5 Forward Secrecy on https_port

2015-08-14 Thread dweimer
On 2015-08-13 10:18 am, Amos Jeffries wrote: On 14/08/2015 2:40 a.m., Julianne Bielski wrote: But does this mean that ECDHE isn't supported by Squid? Correct. ECDHE is not supported by 3.5 and older. EECDHE and ECDHE are coming in Squid-4. If you really need it you are welcome to download

Re: [squid-users] Squid 3.5 Forward Secrecy on https_port

2015-08-12 Thread dweimer
On 2015-08-12 3:22 pm, dweimer wrote: I am trying to see if I have found another Squid 3.5.x issue with FreeBSD 10, or if I just have something set wrong on my https_port settings. The server I am testing with is currently running FreeBSD 10.2-RC3, with Squid 3.5.7, and LibreSSL 2.2.2. The

[squid-users] Squid 3.5 Forward Secrecy on https_port

2015-08-12 Thread dweimer
I am trying to see if I have found another Squid 3.5.x issue with FreeBSD 10, or if I just have something set wrong on my https_port settings. The server I am testing with is currently running FreeBSD 10.2-RC3, with Squid 3.5.7, and LibreSSL 2.2.2. The Apache 2.4.16 server behind squid is usi

Re: [squid-users] Question about squid-3.5-13849.patch

2015-07-08 Thread dweimer
On 07/08/2015 9:33 am, Paulo Matias wrote: Hi, On 07-07-2015 11:05, Amos Jeffries wrote: On 8/07/2015 1:37 a.m., dweimer wrote: System is Running on FreeBSD 10.1-RELEASE-p14, using OpenSSL included in base FreeBSD. No, the change is automatic for all Squid built against an OpenSSL library

[squid-users] Question about squid-3.5-13849.patch

2015-07-07 Thread dweimer
I just updated to Squid 3.5.6 and after running QualSYS SSL Labs test it still lists my server as supporting Secure Client-Initiated Renegotiation and potentially being vulnerable to CVE-2009-3555 which the patch inc

Re: [squid-users] Squid Upgrade from 3.4.12 to 3.5.3 on FreeBSD 10.1 broke Exchange RPC reverse proxy

2015-04-23 Thread dweimer
On 04/23/2015 9:24 am, dweimer wrote: I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD ports last night. It has broken our Outlook RPC over HTTPS. OWA and Phones are still connecting with Active Sync, its just the RPC for Outlook anywhere that is broken. Did anyone else have

[squid-users] Squid Upgrade from 3.4.12 to 3.5.3 on FreeBSD 10.1 broke Exchange RPC reverse proxy

2015-04-23 Thread dweimer
I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD ports last night. It has broken our Outlook RPC over HTTPS. OWA and Phones are still connecting with Active Sync, its just the RPC for Outlook anywhere that is broken. Did anyone else have any issues when upgrading from 3.4 bran

[squid-users] Strange message when doing a squid -k parse or reconfigure

2015-04-07 Thread dweimer
My Squid Process seems to be working fine, but I noticed an unusual message when testing the squid configuration squid: environment corrupt; missing value for https_pr Any Ideas? Its a forward only proxy not doing reverse proxy or anything. Its running on FreeBSD 10.1-RELEASE-p8, installed fro

Re: [squid-users] Reverse Proxy Funny Logging Issue

2015-03-13 Thread dweimer
On 03/12/2015 10:31 am, dweimer wrote: On 01/23/2013 10:39 pm, Amos Jeffries wrote: On 24/01/2013 4:13 a.m., dweimer wrote: On 2013-01-23 08:40, dweimer wrote: On 2013-01-22 23:30, Amos Jeffries wrote: On 23/01/2013 5:34 a.m., dweimer wrote: I just upgraded my reverse proxy server last night

Re: [squid-users] Reverse Proxy Funny Logging Issue

2015-03-12 Thread dweimer
On 01/23/2013 10:39 pm, Amos Jeffries wrote: On 24/01/2013 4:13 a.m., dweimer wrote: On 2013-01-23 08:40, dweimer wrote: On 2013-01-22 23:30, Amos Jeffries wrote: On 23/01/2013 5:34 a.m., dweimer wrote: I just upgraded my reverse proxy server last night from 3.1.20 to 3.2.6, all is working

Re: [squid-users] Squid Reverse Proxy to Exchange 2010 OWA

2015-03-11 Thread dweimer
a off On 11 March 2015 at 15:42, dweimer wrote: We have setup Squid as a reverse proxy to Exchange 2010 OWA server we thought everything was working OK, but found out that any file attachments over 2MB cause a timeout after 5 minutes. I remembered having this issue a while back with HTTPS, and it

[squid-users] Squid Reverse Proxy to Exchange 2010 OWA

2015-03-10 Thread dweimer
We have setup Squid as a reverse proxy to Exchange 2010 OWA server we thought everything was working OK, but found out that any file attachments over 2MB cause a timeout after 5 minutes. I remembered having this issue a while back with HTTPS, and it just went away after some updates. Some searc

Re: [squid-users] DEAD Parent detection

2014-10-17 Thread dweimer
On 10/17/2014 8:24 am, daniel.rie...@gmx.net wrote: Hello, Each of the parents are used for both HTTP & HTTPS in this configuration, the dead parent detected log message isn't going to be repeated twice as its one parent, Regardless of which method the traffic is passing. yes, that's correc

Re: [squid-users] DEAD Parent detection

2014-10-17 Thread dweimer
On 10/17/2014 7:23 am, daniel.rie...@gmx.net wrote: Hello, I've testet with Squid 3.3.8 and here it is working as expected... Thanks Amos! squid.conf: http_port 3128 http_access allow all never_direct allow all cache_peer 10.0.0.101 parent 3128 0 name=TEST1 cache_peer 10.0.0.102 parent 3128 0 n