[squid-users] squid 4.0.19 error with certificates

Yuri yvoinov at gmail.com
Mon May 1 09:13:52 UTC 2017


Sorry, this is not a solution. All HTTPS spliced means, for me, a catastrophic 
drop in byte hit. I knew about this workaround from the beginning. But this is 
unacceptable.

At most, this is a temporary workaround.


01.05.2017 15:10, marco wrote:
> solution:
> all monitoredsites, m1 m2 are bumped correctly
> all others are spliced
> squid4
>
> this works great. just contact me for questions.
>
>
> acl monitoredSites ssl::server_name_regex -i (phncdn|ypncdn|heise|rncdn|youporn)
>
> acl m1 ssl::server_name_regex -i \.youporn\.com
>
> acl m2 ssl::server_name_regex -i \.rncdn7\.com
>
> ssl_bump stare m1
> ssl_bump stare m2
> ssl_bump stare monitoredSites
> ssl_bump peek !m1 !m2 !monitoredSites
> #ssl_bump splice step3 !m1 !m2
> ssl_bump bump m1
> ssl_bump bump m2
> ssl_bump bump monitoredSites
> ssl_bump splice !m1 !m2 !monitoredSites
>
> marco
>
>
> On April 30, 2017 at 13:35 GMT, Yuri Voinov <yvoinov at gmail.com> wrote:
>
>
>     Check this. It seems this is the issue:
>
>     http://bugs.squid-cache.org/show_bug.cgi?id=4711
>
>
>     30.04.2017 12:02, snable snable wrote:
>>     hello
>>
>>     I am using squid on an external box.
>>     I forward all traffic from my openwrt router to it.
>>     http works fine
>>     https with the youtube app doesn't work
>>     I get:
>>
>>      Error negotiating SSL connection on FD 73: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown (1/0)
>>
>>     errors
>>
>>     other sites work well so far
>>
>>     I heard that squid4 auto-downloads intermediate certificates..
>>     maybe that's the issue?
>>
>>     I worked around this with a whitelist of sites that work, but I
>>     want to roll this out for all sites. (also see my other question)
>>
>>     thanks!
>>
>>
>>
>
>     -- 
>     Bugs to the Future
>
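
Added example, not part of the original messages: a small Python helper that unpacks the OpenSSL 1.0.x error code in the log line quoted in the thread (error:14094416) and shows that its reason value, 1046, is TLS alert 46 (certificate_unknown) received from the peer on that connection. The function names and the alert table are this example's own; the sample line is the one from the thread, rejoined onto one line.

```python
import re

# OpenSSL 1.0.x packs an error as: 8-bit library, 12-bit function, 12-bit reason.
ERR_LIB_SSL = 0x14
# In the SSL library, reason = 1000 + N means "TLS alert N was received".
SSL_AD_REASON_OFFSET = 1000

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

LOG_RE = re.compile(
    r"Error negotiating SSL connection on FD (\d+): error:([0-9A-Fa-f]{8})\s*:"
)


def unpack_error(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def explain(line):
    """Return a dict describing the failure, or None if the line does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    lib, func, reason = unpack_error(int(m.group(2), 16))
    info = {"fd": int(m.group(1)), "lib": lib, "func": func,
            "reason": reason, "peer_alert": None}
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        num = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (num, TLS_ALERTS.get(num, "other"))
    return info


# The log line quoted in the thread, joined back onto one line.
SAMPLE = ("Error negotiating SSL connection on FD 73: error:14094416"
          ":SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown (1/0)")

if __name__ == "__main__":
    print(explain(SAMPLE))
```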
