[squid-users] Cannot access https site
Amos Jeffries
squid3 at treenet.co.nz
Tue May 16 13:14:45 UTC 2017
On 16/05/17 19:54, Vieri wrote:
>
> Which "other configuration aspects are wrong", as you say? Are you
> referring to "sslproxy_cert_error allow all" or are there more?
The "always_direct allow all" is wrong, you do not have cache_peer, and
if you did why would you prohibit using any of them for *all* traffic ?
That "sslproxy_cert_error allow all" is the default, so useless to
configure - but not exactly wrong, just a waste of CPU and memory
setting up ACLs only to do nothing.
In a similar topic many of the request_header_access rules are checking
for non-request headers. (eg. Title, WWW-Authenticate) or headers which
are not relayed (eg. all the Proxy-* ones).
> # squid -version Squid Cache: Version 3.5.14
On 16/05/17 05:25, Alex Rousskov wrote:
>
> (and use the latest v3.5 or later if you are doing SslBump, regardless
> of what your OS packages for you).
The current release is 3.5.25 or 4.0.19. A lot has changed in the last
year in terms of both TLS practices and how SSL-Bump works to fit with
those.
Amos
More information about the squid-users
mailing list