I can watch both Edge and Chromium here with a "naked" sslbump: 1611161802.690 16176 192.168.189.48 TCP_MISS/206 30704989 GET https://admin.wissen-ad.de/storage/TEST/Big_Buck_Bunny_1080_10s_30MB.mp4 - ORIGINAL_DST/85.214.58.228 video/mp4 admin.wissen-ad.de
# squid -v Squid Cache: Version 5.0.4-20201125-r5fadc09ee Service Name: squid This binary uses OpenSSL 1.1.1g FIPS 21 Apr 2020. For legal restrictions on distribution see https://www.openssl.org/source/license.html configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,PAM,POP3,RADIUS,SASL,SMB,getpwnam,fake' '--enable-auth-ntlm=fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,LDAP_group,delayer,file_userip,SQL_session,unix_group,session,time_quota' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-security-cert-generators' '--enable-security-cert-validators' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--enable-ssl-crtd' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--without-nettle' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS=-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' 'CXX=g++' 'CXXFLAGS=-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' --enable-ltdl-convenience Eliezer ---- Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Zoom: Coming soon -----Original Message----- From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of Dieter Bloms Sent: Wednesday, January 20, 2021 6:01 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] chromium based browsers don't play a video, when sslbump is enabled Hello Eliezer, I've tested with chrome 87.0.4280.141 and Edge 87.0.664.75. On Wed, Jan 20, Eliezer Croitoru wrote: > It's not clear if only Chromium or also a simple Chrome. > > Thanks, > Eliezer > > ---- > Eliezer Croitoru > Tech Support > Mobile: +972-5-28704261 > Email: ngtech1...@gmail.com > Zoom: Coming soon > > > -----Original Message----- > From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of > Dieter Bloms > Sent: Wednesday, January 20, 2021 1:26 PM > To: squid-users@lists.squid-cache.org > Subject: [squid-users] chromium based browsers don't play a video, when > sslbump is enabled > > Hello, > > I use squid 4.13 with enabled sslbump. > Chromium based browsers like chrome and edge don't play this video > https://admin.wissen-ad.de/storage/TEST/Big_Buck_Bunny_1080_10s_30MB.mp4 > The firefox browser and the old internet explorer have no problems. > > When I disable sslbumping for this destination the chromium based > browsers work as well. > > Here are some parts of my config: > > --snip-- > http_port MYIP:8080 ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=32MB cert=/etc/squid/cert.pem > key=/etc/squid/key.pem tls-dh=/etc/squid/dhparams.pem > sslcrtd_program /usr/sbin/security_file_certgen -s > /var/cache/squid/sslcert_db -M 32MB > sslcrtd_children 32 startup=10 idle=3 > tls_outgoing_options capath=/etc/ssl/certs min-version=1.2 > tls_outgoing_options > cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA:AES256-SHA:AES128-SHA:@SECLEVEL=1 > > acl nobumping dstdomain "/etc/squid/nohttpsscan.domains" > ssl_bump splice nobumping > ssl_bump bump all > --snip-- > > with wget or curl I can download the mp4 file in both cases (with and without > sslbump) > > Can anybody try to view the video in a chromium based browser with enabled > sslbump ? > > Thank you very much. > > > -- > Regards > > Dieter > > -- > I do not get viruses because I do not use MS software. > If you use Outlook then please do not put my email address in your > address-book so that WHEN you get a virus it won't use my address in the > From field. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -- Gruß Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
