<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Hey y’all</div><div class=""><br class=""></div><div class="">Finally got 3.5.2 running. I was under the impression that using server-first SSL bump would still be compatible, despite all the Peek & Splice changes, but apparently not. Hopefully someone can explain what might be going wrong here ...</div><div class=""><br class=""></div><div class="">Using the same SSL Bump config that we used for 3.4, we’re now seeing this happen:</div><div class=""><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class="">19/Mar/2015-16:21:32     22 d4:f4:6f:71:90:e6 10.0.1.71 TCP_DENIED 200 0 CONNECT 94.31.29.230:443 - server-first - HIER_NONE/- - -</div></div><div class=""><br class=""></div><div class="">Instead of this:</div><div class=""><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class="">19/Mar/2015-14:42:04    736 d4:f4:6f:71:90:e6 10.0.1.71 TCP_MISS 200 96913 GET <a href="https://code.jquery.com/jquery-1.11.0.min.js" class="">https://code.jquery.com/jquery-1.11.0.min.js</a> - server-first Mozilla/5.0%20(iPhone;%20CPU%20iPhone%20OS%208_2%20like%20Mac%20OS%20X)%20AppleWebKit/600.1.4%20(KHTML,%20like%20Gecko)%20Mobile/12D508 ORIGINAL_DST/94.31.29.53 application/x-javascript -</div></div><div class=""><br class=""></div><div class="">This request happens in a little splash page which is designed to test if squid’s CA cert is installed on the client and redirect them to some instructions if it’s not.
This definitely isn’t happening for all intercepted HTTPS requests, just this (particularly important) one and some others.</div><div class=""><br class=""></div><div class="">SSL Bump config:</div><div class=""><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class="">ssl_bump <span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class="">none</span> localhost</div><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35); min-height: 14px;" class="">ssl_bump server-first <span style="color: rgb(244, 136, 138);" class="">all</span></div></div><div class=""><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class="">sslproxy_cert_error <span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class="">deny</span> <span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class="">all</span></div><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class=""><br class=""></span></div><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35); min-height: 14px;" class="">sslcrtd_program /usr/bin/squid_ssl_crtd -s /path/to/squid/ssl_db -M 4MB</div><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class="">sslcrtd_children <span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class="">32</span> startup=<span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class="">5</span> idle=<span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class="">1</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f4888a" class=""><br 
class=""></span></div><div class=""><div class="">DNAT intercepting port config:</div><div class=""><div style="margin: 0px; font-family: Menlo; color: rgb(248, 248, 248); background-color: rgb(35, 35, 35);" class="">https_port <span style="color: rgb(244, 136, 138);" class="">3130</span> intercept name=<span style="color: rgb(244, 136, 138);" class="">3130</span> ssl-bump generate-host-certificates=<span style="color: rgb(244, 136, 138);" class="">on</span> dynamic_cert_mem_cache_size=4MB cert=/path/to/squid/proxy-cert.cer key=/path/to/squid/proxy-key.key</div></div></div><div class=""><br class=""></div><div class="">Thanks!</div></body></html>