[squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

Yuri yvoinov at gmail.com
Mon Oct 23 19:30:31 UTC 2017



23.10.2017 23:51, L A Walsh wrote:
> I've seen this before w/google in Opera -- but it doesn't seem
> to happen with IE or Palemoon (both going through my SSL-bumping proxy).
> Even my housemate, going through the proxy using Chrome doesn't
> get this error (it also uses the system cert location).
> When I bring up the security dialog in Opera, it brings up the same
> dialog I see under the Win Control Panel under Internet Settings,
> the "Content" tab -- where I see Certificates.  My proxy cert is
> listed under the Trusted Root Cert Authorities.
>
>
> So why is Opera failing when going to google.com?
> Ideas?
Try to add this:

# Disable HSTS
reply_header_access Strict-Transport-Security deny all
reply_header_replace Strict-Transport-Security max-age=0; includeSubDomains

in your config.
>
> Thanks!
> Linda
>
>
>
>
>  Your connection is not private
>
> This server could not prove that it is *www.google.com*; its security
> certificate does not specify Subject Alternative Names. This may be
> caused by a misconfiguration or an attacker intercepting your connection.
>
> You cannot proceed because the website operator has requested
> heightened security for this domain.
>
> Back to safety
>
>
>        Help me understand
>
> When you connect to a secure website, the server hosting that site
> presents your browser with something called a "certificate" to verify
> its identity. This certificate contains identity information, such as
> the address of the website, which is verified by a third party that
> your computer trusts. By checking that the address in the certificate
> matches the address of the website, it is possible to verify that you
> are securely communicating with the website you intended, and not a
> third party (such as an attacker on your network).
>
> You cannot visit www.google.com right now because the website uses
> HSTS. Network errors and attacks are usually temporary, so this page
> will probably work later.
>

-- 
**************************
* C++: Bug to the future *
**************************
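
Added example, not part of the original message and not Squid code: a simplified Python model of how a browser treats the Strict-Transport-Security value from the reply, following RFC 6797 (sections 6.1 and 8.1). The `HstsStore` class, `demo()` and the time values are constructed for illustration.

```python
import re

def parse_sts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns (max_age, include_subdomains), or None if the value is invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:
            return None  # each directive may appear only once
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is mandatory
    return int(seen["max-age"]), "includesubdomains" in seen

class HstsStore:
    """Simplified model of a browser's dynamic HSTS host list."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry time, include_subdomains)

    def note_response(self, host, sts_value, tls_ok, now):
        policy = parse_sts(sts_value) if tls_ok else None
        if policy is None:
            return  # section 8.1: header ignored on TLS errors or bad syntax
        max_age, subs = policy
        if max_age == 0:
            self.hosts.pop(host, None)  # max-age=0 forgets the host
        else:
            self.hosts[host] = (now + max_age, subs)

    def is_hsts(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

def demo():
    """Constructed scenario; host name and times are sample values."""
    store = HstsStore()
    store.note_response("www.google.com", "max-age=31536000", True, now=0)
    replaced = "max-age=0; includeSubDomains"  # value from the thread
    # Bumped certificate rejected (no SAN): the header never takes effect.
    store.note_response("www.google.com", replaced, False, now=10)
    rejected = store.is_hsts("www.google.com", now=10)
    # Bumped certificate accepted: the same value clears the entry.
    store.note_response("www.google.com", replaced, True, now=20)
    return rejected, store.is_hsts("www.google.com", now=20)
```

`demo()` returns `(True, False)`: the replaced header only clears a stored policy once the browser accepts the proxy's certificate. Entries that ship in a browser's preload list are not stored this way and are outside this model.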
