[squid-users] sahibinden.com fails with https bump

turgut kalfaoğlu turgut at kalfaoglu.com
Tue May 10 10:34:02 UTC 2016


Hello everyone..

My setup -- this is for speeding up the home ADSL..

https_port 3129 intercept ssl-bump \
        generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
        cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem
sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 20 startup=3 idle=1
ssl_bump server-first  all

This works well for facebook, gmail, google, and probably others.
But https://sahibinden.com, whatever they are doing, fails - the page
appears broken.
I tried the broken_sites acl trick; it did not help.

acl broken_sites ssl::server_name .sahibinden.com
acl broken_sites ssl::server_name image5.sahibinden.com
acl broken_sites ssl::server_name .shbdn.com
ssl_bump none broken_sites

Does anyone have any ideas what else I can try?
Many thanks, -tk


