[squid-users] HTTPS chrome - SHA1 this page is insecure
Amos Jeffries
squid3 at treenet.co.nz
Wed Aug 31 15:15:51 UTC 2016
On 1/09/2016 2:26 a.m., erdosain9 wrote:
> Hi.
> Im using ssl-bump.. all ir working fine, but i want to know if it is
> possible that which is not seen crossed out and red "https".
> This happen just in Chrome
> This page is insecure (broken HTTPS)
> SHA-1 Certificate
> The certificate for this site expires in 2017 or later, and the certificate
> chain contains a certificate signed using SHA-1.
This requires changes to the certificate generator used by SSL-Bump.
IIRC there were some patches, but I can't find them right now in the
changesets. If the issue exists in current releases then please ask on
squid-dev.
Of course, its possible the site realy does have a SHA1 certificate and
Squid is just passing on the real details. The mimic feature is designed
to ensure TLS is actually transparent as best we can manage.
Amos
More information about the squid-users
mailing list