[squid-users] (SQUID 4.11) SSl_bump Fails on IOS and Android devices
Allan Raymond Ignacio
arignacio80 at gmail.com
Mon May 11 01:27:39 UTC 2020
Any other suggestions besides TLS cause i need to have this running for my
kids' home schooling as they rely on their ipads (schoology and seesaw)?
On Sun, May 10, 2020, 8:00 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 11/05/20 8:26 am, Allan Raymond Ignacio wrote:
> > I have compiled and installed SQUID_4.11-3 with SSL, CRTD on debian10
> > and here is my configuration -
> >
> >
> ...
> >
> > ### I can browse https on laptops BUT when I used IOS devices or
> > android, I get errors with this -
> >
> >
> > 1589083941.053 1 192.168.10.15 NONE_ABORTED/200 0 CONNECT
> > 157.240.18.35:443 <http://157.240.18.35:443> - HIER_NONE/- -
> >
>
> The client is disconnecting during the TLS handshake. Worth looking into
> the TLS traffic to see what is going on, but expect good chances that
> cert pinning or TLS/1.3 is being used here.
>
>
> >
> > If anyone can point to me what's wrong with my squid.conf configuration
> > or can provide me with a working squid.conf for ssl_bump, I will be
> > indebted to you.
> >
>
> Looks like a reasonable config to me.
>
> An always-working config is not possible at this time. TLS is still a
> volatile environment and the SSL-Bump features constantly undergoing
> improvements. Which some of its behaviours are gaining stability, the
> SSL-Bump feature overall is still experimental.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200510/b9899917/attachment.html>
More information about the squid-users
mailing list