Hi Squid Community, the last weeks it felt that more and more websites are going to be "incompatible" with Squid SSL bump. Some Websites are not displayed at all and a "403 Forbidden" from their proxy is displayed, others are displayed very ugly because some CSS is missing due to HTTP Error 403 on CSS resources.
Is there any way to tune SSL Bump for less problems with websites? Here some example websites which are not loading at all with SSL Bump: - forcepoint.com (Their Proxy displays: 403 forbidden) - itsg.de (Squid: Connect reset by peer) - leica-geosystems.com (Bad Request) Displayed very ugly because CSS Files gots HTTP Error 403 with SSL bump: - pyur.com - help.nextcloud.com - it feels like all websites with Discourse Forums are having problems with ssl bump - css missing, very ugly - many more This are only some examples. Who can reproduce this problems with its own SSL Bump Squid? Am I doing something wrong with SSL Bump? Is Squid 5 alerady better for this? Thanks for any help Schroeffu My current cump conf is extremely simple, just the default: http_port proxy03bs.tld.com:8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/subca.crt.pem key=/etc/squid/certs/subca.key.ohnersa.pem sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB ssl_bump bump !domains_dont_sslbump
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
