Hello,
Yesterday I upgraded OpenSSL version. (Although I was using OpenSSL 1.0.0 - not
affected by Heartbleed, but I upgraded none-the-less)
I am using sslbump (squid 3.4.4). Using Firefox 28.0 (latest 64bit tar.bz2)
After this upgrade i.e. from 1.0.0 to 1.0.1, Firefox started giving
On 11/04/2014 10:16 p.m., Amm wrote:
Hello,
Yesterday I upgraded OpenSSL version. (Although I was using OpenSSL 1.0.0 -
not affected by Heartbleed, but I upgraded none-the-less)
I am using sslbump (squid 3.4.4). Using Firefox 28.0 (latest 64bit tar.bz2)
After this upgrade i.e. from
On Friday, 11 April 2014 4:46 PM, Amos wrote:
On 11/04/2014 10:16 p.m., Amm wrote:
After this upgrade i.e. from 1.0.0 to 1.0.1, Firefox started giving
certificate error stating sec_error_inadequate_key_usage.
This does not happen for all domains but looks like happening ONLY
for google
From: Amm ammdispose-sq...@yahoo.com
Sent: Friday, April 11, 2014 1:38 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] sslbump - firefox sec_error_inadequate_key_usage
On Friday, 11 April 2014 4:46 PM, Amos wrote:
On 11/04/2014 10:16 p.m., Amm wrote:
After
On Friday, 11 April 2014 5:19 PM
I also use this patch and would like if it is possible to somehow go on
without it.
May it be due to the fact squid caches the generated SSL certificates in the
ssl_crtd store?
So we need to clear the store when root CA certificate for SSL bump is
On 11/04/2014 11:55 p.m., Amm wrote:
On Friday, 11 April 2014 5:19 PM
I also use this patch and would like if it is possible to somehow go on
without it.
May it be due to the fact squid caches the generated SSL certificates in the
ssl_crtd store?
So we need to clear the store when
On Friday, 11 April 2014 6:29 PM, Amos wrote:
It seems to be something in firefox was buggy and they have a workaround
coming out in version 29.0, whether that will fix the warnign display or
just allow people to ignore/bypass it like other cert issues I'm not
certain.
Amos
Ok, but then
On 12/04/2014 1:19 a.m., Amm wrote:
On Friday, 11 April 2014 6:29 PM, Amos wrote:
It seems to be something in firefox was buggy and they have a workaround
coming out in version 29.0, whether that will fix the warnign display or
just allow people to ignore/bypass it like other cert issues