[squid-users] SSL Bump: I have weekly more sites to whitelist due to HTTP Error 403 on opening site content

info at schroeffu.ch info at schroeffu.ch
Fri Aug 28 08:12:26 UTC 2020


Hi Squid Community,

Over the last weeks it has felt like more and more websites are becoming "incompatible" with Squid SSL bump.
Some websites are not displayed at all and a "403 Forbidden" from their proxy is displayed; others are displayed very ugly because some CSS is missing due to HTTP Error 403 on CSS resources.

Is there any way to tune SSL Bump for fewer problems with websites?

Here are some example websites which are not loading at all with SSL Bump:

- forcepoint.com (Their Proxy displays: 403 forbidden)
- itsg.de (Squid: Connect reset by peer)
- leica-geosystems.com (Bad Request)

Displayed very ugly because CSS files get HTTP Error 403 with SSL bump:

- pyur.com
- help.nextcloud.com
- it feels like all websites with Discourse Forums are having problems with ssl bump - css missing, very ugly
- many more

These are only some examples. Who can reproduce these problems with their own SSL Bump Squid? Am I doing something wrong with SSL Bump? Is Squid 5 already better for this?

Thanks for any help
Schroeffu

My current bump conf is extremely simple, just the default:

http_port proxy03bs.tld.com:8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/subca.crt.pem key=/etc/squid/certs/subca.key.ohnersa.pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
ssl_bump bump !domains_dont_sslbump