[squid-users] Squid keeps using ipv6 using ssl_bump
Enrico Michieletti
gecom at tubosider.it
Mon Apr 23 08:27:02 UTC 2018
Hi!
I'm using squid from long time, as my network isn't ipv6 enabled, I've
disabled it in squid using
dns_v4_first on
tcp_outgoing_address 0.0.0.0 all
and on the interface network script on centos
IPV6INIT=no
With this configuration, all worked fine for long time with squid 3.5.23.
But Friday I've update the squid/squid helpers packages (now I'm at 3.5.27),
and I've enabled ssl_bump with the following lines:
ssl_bump none localhost
ssl_bump stare
ssl_bump bump all
http_port 8080 ssl-bump cert=/etc/squid/certificate.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
And now, on few sites (including https://wiki.squid-cache.org/), it try to
open with ipv6 with the following error:
Connection to 2001:4801:7827:102:ad34:6f78:b6dc:fbed failed.
I've tried to disable ssl_bump (using only "http_port 8080" statement) and
all works as before.
For now I've "fixed" using the following lines:
acl no_ssl_interception dstdomain .squid-cache.org
ssl_bump none no_ssl_interception
On the problematic websites.
How I can get rid of the ipv6??
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180423/c510b7cb/attachment-0001.html>
More information about the squid-users
mailing list