Excellent...glad it worked.
James
On Sat, 2016-10-22 at 10:35 -0300, Leandro Barragan wrote:
> Thanks a lot James, compiling Squid 3.5.22 using that specific commit
> of LibreSSL worked like a charm! I no longer have those "unknown cipher
> returned" errors. I do have some errors with a tiny amount
Thanks a lot James, compiling Squid 3.5.22 using that specific commit
of LibreSSL worked like a charm! I no longer have those "unknown cipher
returned" errors. I do have some errors with a tiny amount of sites,
but I suppose it's because of server-side misconfigurations that
LibreSSL simply doesn't
On 2016-10-21 09:58, Leandro Barragan wrote:
James, thanks for your advice! I've read your email on this list about
LibreSSL. I tried to compile Squid with LibreSSL in the first place
because of what you wrote about ChaCha20. But unfortunately, I
couldn't, compilation stopped because of some
James, thanks for your advice! I've read your email on this list about
LibreSSL. I tried to compile Squid with LibreSSL in the first place
because of what you wrote about ChaCha20. But unfortunately, I
couldn't, compilation stopped because of some obscure error.
Do you remember what version of
On 2016-10-20 20:15, Leandro Barragan wrote:
Thanks for your time Alex! I modified my original config based on Amos
recommendations, so I think now I have a more consistent peek & splice
config:
acl TF ssl::server_name_regex -i facebook fbcdn twitter reddit
ssl_bump peek all
ssl_bump
Thanks for your time Alex! I modified my original config based on Amos
recommendations, so I think now I have a more consistent peek & splice
config:
acl TF ssl::server_name_regex -i facebook fbcdn twitter reddit
ssl_bump peek all
ssl_bump terminate TF
ssl_bump splice all
As you mentioned,
On 10/19/2016 10:12 PM, Jason Haar wrote:
> This is a complex situation for most people (myself included), can you
> tell us how to "peek and make a decision based on SNI"?
I have (long time ago) in the "Peek at SNI and Bump" and other examples
at
On Thu, Oct 20, 2016 at 5:01 PM, Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> Please note that "peek and make a decision based on SNI" is not what
> your configuration tells Squid to do.
>
This is a complex situation for most people (myself included), can you tell
us how to "peek
On 10/19/2016 08:51 PM, Leandro Barragan wrote:
> I get the unknown cipher error on Squid
> but on the client I see a certificate error. When I look at the
> certificate info, it is signed by Squid. It makes no sense at all.
When Squid v3 encounters an OpenSSL error (such as an unsupported
On 10/19/2016 12:44 AM, Leandro Barragan wrote:
>> error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned
>> (1/-1/0)
> I fail to see why this is happening. I only need to peek on the
> connection and make a decision based on SNI,
Please note that "peek and make a decision
Amos,
I really appreciate your answer and the time you took trying to
explain the rules to me. I'm already compiling Squid 3.5.22 with OpenSSL
1.0.2j to see if that solves my issue.
Leaving aside the software version, it seems weird to me that I see
this behaviour not only on blocked (terminated)
On 19/10/2016 7:44 p.m., Leandro Barragan wrote:
> Hi!
>
> I'm having trouble with SSL Peek & Splice in Squid 3.5.16 using
Please upgrade to 3.5.19 or later. Current is 3.5.22.
> intercept mode. I'm trying to configure a transparent proxy (no CA
> installed on clients) which denies access to
Hi!
I'm having trouble with SSL Peek & Splice in Squid 3.5.16 using
intercept mode. I'm trying to configure a transparent proxy (no CA
installed on clients) which denies access to specific sites. I
understand that if I can't Bump (my case), then I can only use SNI
information from TLS "Client