<font size=2 face="sans-serif">Hello Antony;</font>
<br><font size=2 face="sans-serif">I have setup like below :-</font>
<br>
<br><font size=2 face="sans-serif">end user >> LinuxProxy(3.1.10)
>> External Proxy(3.4)>> Internet</font>
<br>
<ul>
<li><font size=2 face="sans-serif">when we configure external proxy ip
in end user's IE, all HTTP & HTTPS site work properly.</font>
<li><font size=2 face="sans-serif">when we configure Linux proxy ip in
end user's IE, HTTP works fine but none of the HTTPS site open.</font>
<li><font size=2 face="sans-serif">when we access https site from LinuxProxy,
below logs are appearing in access.log </font></ul><font size=2 face="sans-serif">
TCP_DENIED/407 CONNECT sitename:443 - NONE/
text/html </font>
<br><font size=2 face="sans-serif"> TCP_MISS/503
0 CONNECT sitename:443 username@MYDOMAIN.COM
DIRECT / - -</font>
<br><font size=2 face="sans-serif"> TCP_MISS/200
23456 GET </font><a href=http://www.anysite.com/><font size=2 color=blue face="sans-serif">http://www.anysite.com</font></a><font size=2 face="sans-serif">
username@MYDOMAIN.COM DEFAULT_PARENT/10.10.x.x
text/html</font>
<br>
<br>
<br><font size=2 face="sans-serif">what I making out from log is ( I might
be wrong) - HTTPS request are going directly instead .</font>
<br>
<br><font size=2 face="sans-serif">attached is my Linux Proxy config-</font>
<br>
<br><font size=2 face="sans-serif">=================</font>
<br><font size=2 face="Courier New">#</font>
<br><font size=2 face="Courier New"># Recommended minimum configuration:</font>
<br><font size=2 face="Courier New">#</font>
<br>
<br><font size=2 face="Courier New">#auth_param negotiate program /usr/lib64/squid/squid_kerb_auth
-d -s GSS_C_NO_NAME</font>
<br><font size=2 face="Courier New">auth_param negotiate program /usr/lib64/squid/squid_kerb_auth
-s HTTP/proxy02.abcd.com@ABCD.COM -d</font>
<br><font size=2 face="Courier New">auth_param negotiate children 10</font>
<br><font size=2 face="Courier New">auth_param negotiate keep_alive on</font>
<br><font size=2 face="Courier New">auth_param basic credentialsttl 2 hours</font>
<br><font size=2 face="Courier New">acl ad_auth proxy_auth REQUIRED</font>
<br>
<br><font size=2 face="Courier New">acl manager proto cache_object</font>
<br><font size=2 face="Courier New">acl localhost src 127.0.0.1/32 ::1</font>
<br><font size=2 face="Courier New">acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
::1</font>
<br>
<br><font size=2 face="Courier New"># Example rule allowing access from
your local networks.</font>
<br><font size=2 face="Courier New"># Adapt to list your (internal) IP
networks from where browsing</font>
<br><font size=2 face="Courier New"># should be allowed</font>
<br><font size=2 face="Courier New">acl localnet src 10.0.0.0/8
# RFC1918 possible internal network</font>
<br><font size=2 face="Courier New">acl localnet src 172.16.0.0/12
# RFC1918 possible internal network</font>
<br><font size=2 face="Courier New">acl localnet src 192.168.0.0/16
# RFC1918 possible internal network</font>
<br><font size=2 face="Courier New">acl localnet src fc00::/7
# RFC 4193 local private network range</font>
<br><font size=2 face="Courier New">acl localnet src fe80::/10
# RFC 4291 link-local (directly plugged) machines</font>
<br>
<br><font size=2 face="Courier New">acl SSL_ports port 443</font>
<br><font size=2 face="Courier New">acl Safe_ports port 80
# http</font>
<br><font size=2 face="Courier New">acl Safe_ports port 21
# ftp</font>
<br><font size=2 face="Courier New">acl Safe_ports port 443
# https</font>
<br><font size=2 face="Courier New">acl Safe_ports port 70
# gopher</font>
<br><font size=2 face="Courier New">acl Safe_ports port 210
# wais</font>
<br><font size=2 face="Courier New">acl Safe_ports port 1025-65535
# unregistered ports</font>
<br><font size=2 face="Courier New">acl Safe_ports port 280
# http-mgmt</font>
<br><font size=2 face="Courier New">acl Safe_ports port 488
# gss-http</font>
<br><font size=2 face="Courier New">acl Safe_ports port 591
# filemaker</font>
<br><font size=2 face="Courier New">acl Safe_ports port 777
# multiling http</font>
<br><font size=2 face="Courier New">acl CONNECT method CONNECT</font>
<br>
<br><font size=2 face="Courier New">#</font>
<br><font size=2 face="Courier New"># Recommended minimum Access Permission
configuration:</font>
<br><font size=2 face="Courier New">#</font>
<br><font size=2 face="Courier New"># Only allow cachemgr access from localhost</font>
<br><font size=2 face="Courier New">http_access allow manager localhost</font>
<br><font size=2 face="Courier New">http_access deny manager</font>
<br>
<br><font size=2 face="Courier New"># Deny requests to certain unsafe ports</font>
<br><font size=2 face="Courier New">http_access deny !Safe_ports</font>
<br>
<br><font size=2 face="Courier New"># Deny CONNECT to other than secure
SSL ports</font>
<br><font size=2 face="Courier New">http_access deny CONNECT !SSL_ports</font>
<br>
<br><font size=2 face="Courier New"># We strongly recommend the following
be uncommented to protect innocent</font>
<br><font size=2 face="Courier New"># web applications running on the proxy
server who think the only</font>
<br><font size=2 face="Courier New"># one who can access services on "localhost"
is a local user</font>
<br><font size=2 face="Courier New">#http_access deny to_localhost</font>
<br>
<br><font size=2 face="Courier New">#</font>
<br><font size=2 face="Courier New"># INSERT YOUR OWN RULE(S) HERE TO ALLOW
ACCESS FROM YOUR CLIENTS</font>
<br><font size=2 face="Courier New">#</font>
<br><font size=2 face="Courier New">#</font>
<br><font size=2 face="Courier New"># Example rule allowing access from
your local networks.</font>
<br><font size=2 face="Courier New"># Adapt localnet in the ACL section
to list your (internal) IP networks</font>
<br><font size=2 face="Courier New"># from where browsing should be allowed</font>
<br><font size=2 face="Courier New">#http_access allow localnet</font>
<br><font size=2 face="Courier New">#http_access allow localhost</font>
<br><font size=2 face="Courier New">http_access deny !ad_auth</font>
<br><font size=2 face="Courier New">http_access allow ad_auth</font>
<br>
<br>
<br><font size=2 face="Courier New"># And finally deny all other access
to this proxy</font>
<br><font size=2 face="Courier New">http_access deny all</font>
<br>
<br><font size=2 face="Courier New"># Squid normally listens to port 3128</font>
<br><font size=2 face="Courier New">http_port 8080</font>
<br>
<br><font size=2 face="Courier New">cache_peer xx.xx.2.108 parent 8080
0 default</font>
<br><font size=2 face="Courier New">#dns_nameservers ABCDNS.ABCD.COM</font>
<br><font size=2 face="Courier New">dns_nameservers xx.xx.2.108</font>
<br>
<br><font size=2 face="Courier New"># We recommend you to use at least
the following line.</font>
<br><font size=2 face="Courier New">#hierarchy_stoplist cgi-bin ?</font>
<br>
<br><font size=2 face="Courier New"># Uncomment and adjust the following
to add a disk cache directory.</font>
<br><font size=2 face="Courier New">cache_dir ufs /var/spool/squid 2048
16 256</font>
<br>
<br><font size=2 face="Courier New"># Leave coredumps in the first cache
dir</font>
<br><font size=2 face="Courier New">coredump_dir /var/spool/squid</font>
<br><font size=2 face="Courier New"># Log forwarding to SysLog</font>
<br><font size=2 face="Courier New">access_log syslog:local1.info</font>
<br>
<br><font size=2 face="Courier New"># Add any of your own refresh_pattern
entries above these.</font>
<br><font size=2 face="Courier New">refresh_pattern ^ftp:
1440
20% 10080</font>
<br><font size=2 face="Courier New">refresh_pattern ^gopher:
1440 0%
1440</font>
<br><font size=2 face="Courier New">refresh_pattern -i (/cgi-bin/|\?) 0
0% 0</font>
<br><font size=2 face="Courier New">refresh_pattern .
0
20% 4320</font>
<br><font size=2 face="sans-serif">-======================================</font>
<br>
<br><font size=2 face="sans-serif">Thanks & Regards<br>
Nilesh Suresh Gavali<br>
<br>
</font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">squid-users-request@lists.squid-cache.org</font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">squid-users@lists.squid-cache.org</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">14/06/2016 13:00</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">squid-users
Digest, Vol 22, Issue 62</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Sent by:
</font><font size=1 face="sans-serif">"squid-users"
<squid-users-bounces@lists.squid-cache.org></font>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2>Send squid-users mailing list submissions to<br>
squid-users@lists.squid-cache.org<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
or, via email, send a message with subject or body 'help' to<br>
squid-users-request@lists.squid-cache.org<br>
<br>
You can reach the person managing the list at<br>
squid-users-owner@lists.squid-cache.org<br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Excessive TCP memory usage (Eliezer Croitoru)<br>
2. Re: Squid not allowing HTTPS access (Nilesh Gavali)<br>
3. Re: Squid not allowing HTTPS access (Antony Stone)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 14 Jun 2016 13:21:32 +0300<br>
From: "Eliezer Croitoru" <eliezer@ngtech.co.il><br>
To: "'Deniz Eren'" <denizlist@denizeren.net>,<br>
<squid-users@lists.squid-cache.org><br>
Subject: Re: [squid-users] Excessive TCP memory usage<br>
Message-ID: <05c801d1c626$85a97ff0$90fc7fd0$@ngtech.co.il><br>
Content-Type: text/plain;
charset="utf-8"<br>
<br>
Hey,<br>
<br>
Steps to reproduce are not exactly everything since squid works fine in
many other scenarios.<br>
I do not know this specific system but if you are talking about 1-4k open
connections it should not be a big problem for many servers.<br>
The issue in hands is a bit different.<br>
Have you tried tuning the ipv4\net using sysctl to see if it affects anything?<br>
What I can offer is to build a tiny ICAP service that will use a 204 on
every request and then moves on.<br>
If the same happens with the dummy service it's probably a very bad scenario
and if not then we can try to think<br>
if there is something unique about your setup.<br>
<br>
I have not seen this issue in my current testing setup which includes 3.5.19
+ ICAP url filtering service.<br>
<br>
Eliezer<br>
<br>
----<br>
Eliezer Croitoru<br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: eliezer@ngtech.co.il<br>
<br>
<br>
-----Original Message-----<br>
From: squid-users [</font></tt><a href="mailto:squid-users-bounces@lists.squid-cache.org"><tt><font size=2>mailto:squid-users-bounces@lists.squid-cache.org</font></tt></a><tt><font size=2>]
On Behalf Of Deniz Eren<br>
Sent: Tuesday, June 14, 2016 11:07 AM<br>
To: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Excessive TCP memory usage<br>
<br>
Little bump :)<br>
<br>
I have posted bug report with steps to reproduce. The problem still exists
and I am curious whether anyone else is having the same problem, too.<br>
<br>
</font></tt><a href="http://bugs.squid-cache.org/show_bug.cgi?id=4526"><tt><font size=2>http://bugs.squid-cache.org/show_bug.cgi?id=4526</font></tt></a><tt><font size=2><br>
<br>
On Wed, May 25, 2016 at 1:18 PM, Deniz Eren <denizlist@denizeren.net>
wrote:<br>
> When I listen to connections between squid and icap using tcpdump
I <br>
> saw that after a while icap closes the connection but squid does not
<br>
> close, so connection stays in CLOSE_WAIT state:<br>
><br>
> [root@test ~]# tcpdump -i any -n port 34693<br>
> tcpdump: WARNING: Promiscuous mode not supported on the "any"
device<br>
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
<br>
> decode listening on any, link-type LINUX_SLL (Linux cooked), capture
<br>
> size 96 bytes<br>
> 13:07:31.802238 IP 127.0.0.1.icap > 127.0.0.1.34693: F<br>
> 2207817997:2207817997(0) ack 710772005 win 395 <nop,nop,timestamp<br>
> 104616992 104016968><br>
> 13:07:31.842186 IP 127.0.0.1.34693 > 127.0.0.1.icap: . ack 1 win
3186 <br>
> <nop,nop,timestamp 104617032 104616992><br>
><br>
> [root@test ~]# netstat -tulnap|grep 34693<br>
> tcp 215688 0 127.0.0.1:34693
127.0.0.1:1344<br>
> CLOSE_WAIT 19740/(squid-1)<br>
><br>
> These CLOSE_WAIT connections do not timeout and stay until squid <br>
> process is killed.<br>
><br>
> 2016-05-25 10:37 GMT+03:00 Deniz Eren <denizlist@denizeren.net>:<br>
>> 2016-05-24 21:47 GMT+03:00 Amos Jeffries <squid3@treenet.co.nz>:<br>
>>> On 25/05/2016 5:50 a.m., Deniz Eren wrote:<br>
>>>> Hi,<br>
>>>><br>
>>>> After upgrading to squid 3.5.16 I realized that squid
started using <br>
>>>> much of kernel's TCP memory.<br>
>>><br>
>>> Upgrade from which version?<br>
>>><br>
>> Upgrading from squid 3.1.14. I started using c-icap and ssl-bump.<br>
>><br>
>>>><br>
>>>> When squid was running for a long time TCP memory usage
is like below:<br>
>>>> test@test:~$ cat /proc/net/sockstat<br>
>>>> sockets: used *<br>
>>>> TCP: inuse * orphan * tw * alloc * mem 200000<br>
>>>> UDP: inuse * mem *<br>
>>>> UDPLITE: inuse *<br>
>>>> RAW: inuse *<br>
>>>> FRAG: inuse * memory *<br>
>>>><br>
>>>> When I restart squid the memory usage drops dramatically:<br>
>>><br>
>>> Of course it does. By restarting you just erased all of the
<br>
>>> operational state for an unknown but large number of active
network connections.<br>
>>><br>
>> That's true but what I mean was squid's CLOSE_WAIT connections
are <br>
>> using too much memory and they are not timing out.<br>
>><br>
>>> Whether many of those should have been still active or not
is a <br>
>>> different question. the answer to which depends on how you
have your <br>
>>> Squid configured, and what the traffic through it has been
doing.<br>
>>><br>
>>><br>
>>>> test@test:~$ cat /proc/net/sockstat<br>
>>>> sockets: used *<br>
>>>> TCP: inuse * orphan * tw * alloc * mem 10<br>
>>>> UDP: inuse * mem *<br>
>>>> UDPLITE: inuse *<br>
>>>> RAW: inuse *<br>
>>>> FRAG: inuse * memory *<br>
>>>><br>
>>><br>
>>> The numbers you replaced with "*" are rather important
for context.<br>
>>><br>
>>><br>
>> Today again I saw the problem:<br>
>><br>
>> test@test:~$ cat /proc/net/sockstat<br>
>> sockets: used 1304<br>
>> TCP: inuse 876 orphan 81 tw 17 alloc 906 mem 29726<br>
>> UDP: inuse 17 mem 8<br>
>> UDPLITE: inuse 0<br>
>> RAW: inuse 1<br>
>> FRAG: inuse 0 memory 0<br>
>><br>
>>>> I'm using Squid 3.5.16.<br>
>>>><br>
>>><br>
>>> Please upgrade to 3.5.19. Some important issues have been
resolved. <br>
>>> Some of them may be related to your TCP memory problem.<br>
>>><br>
>>><br>
>> I have upgraded now and problem still exists.<br>
>><br>
>>>> When I look with "netstat" and "ss"
I see lots of CLOSE_WAIT <br>
>>>> connections from squid to ICAP or from squid to upstream
server.<br>
>>>><br>
>>>> Do you have any idea about this problem?<br>
>>><br>
>>> Memory use by the TCP system of your kernel has very little
to do <br>
>>> with Squid. Number of sockets in CLOSE_WAIT does have some
relation <br>
>>> to Squid or at least to how the traffic going through it is
handled.<br>
>>><br>
>>> If you have disabled persistent connections in squid.conf
then lots <br>
>>> of closed sockets and FD are to be expected.<br>
>>><br>
>>> If you have persistent connections enabled, then fewer closures
<br>
>>> should happen. But some will so expectations depends on how
high the <br>
>>> traffic load is.<br>
>>><br>
>> Persistent connection parameters are enabled in my conf, the problem
<br>
>> occurs especially with connections to c-icap service.<br>
>><br>
>> My netstat output is like this:<br>
>> netstat -tulnap|grep squid|grep CLOSE<br>
>><br>
>> tcp 211742 0 127.0.0.1:55751
127.0.0.1:1344<br>
>> CLOSE_WAIT 17076/(squid-1)<br>
>> tcp 215700 0 127.0.0.1:55679
127.0.0.1:1344<br>
>> CLOSE_WAIT 17076/(squid-1)<br>
>> tcp 215704 0 127.0.0.1:55683
127.0.0.1:1344<br>
>> CLOSE_WAIT 17076/(squid-1)<br>
>> ...(hundreds)<br>
>> Above ones are connections to c-icap service.<br>
>><br>
>> netstat -tulnap|grep squid|grep CLOSE Active Internet connections
<br>
>> (servers and established)<br>
>> Proto Recv-Q Send-Q Local Address
Foreign Address<br>
>> State PID/Program name<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.180:45182<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.2.177:50020<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.2.172:60028<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.180:44049<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.180:55054<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.2.137:52177<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.180:43542<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.155:39489<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.0.147:38939<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.180:38754<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.0.164:39602<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.0.147:54114<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.6.180:57857<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> tcp 1 0 192.168.2.1:8443
192.168.0.156:43482<br>
>> CLOSE_WAIT 15245/(squid-1)<br>
>> ...(about 50)<br>
>> Above ones are connections from https port to client.<br>
>><br>
>> As you can see recv-q for icap connections allocate more memory
but <br>
>> connections from https_port to upstream server connections allocate
<br>
>> only one byte.<br>
>><br>
>> What can be done to close these unused connections?<br>
>><br>
>> The problem in this thread seems similar:<br>
>> </font></tt><a href="http://www.squid-cache.org/mail-archive/squid-users/201301/0092.html"><tt><font size=2>http://www.squid-cache.org/mail-archive/squid-users/201301/0092.html</font></tt></a><tt><font size=2><br>
>><br>
>>> Amos<br>
>>><br>
>>> _______________________________________________<br>
>>> squid-users mailing list<br>
>>> squid-users@lists.squid-cache.org<br>
>>> </font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 14 Jun 2016 11:36:30 +0100<br>
From: Nilesh Gavali <nilesh.gavali@tcs.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Squid not allowing HTTPS access<br>
Message-ID:<br>
<OF83BE7BF7.92EBA289-ON80257FD2.003A3940-80257FD2.003A455E@tcs.com><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Team;<br>
kindly help on below issue.<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
<br>
<br>
<br>
From: Nilesh Gavali/MUM/TCS<br>
To: squid-users@lists.squid-cache.org<br>
Date: 13/06/2016 14:00<br>
Subject: Squid not allowing HTTPS access<br>
<br>
<br>
<br>
Hello All;<br>
Facing issue while accessing HTTPS via squid, normal http traffic working
<br>
fine. I have squid 3.1.10 on RHEL.6.0<br>
<br>
attached is my squid .conf for your reference,..help will be much <br>
appreciated.<br>
<br>
<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</font></tt><a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160614/79185c58/attachment-0001.html"><tt><font size=2>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160614/79185c58/attachment-0001.html</font></tt></a><tt><font size=2>><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: squid.conf<br>
Type: application/octet-stream<br>
Size: 3149 bytes<br>
Desc: not available<br>
URL: <</font></tt><a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160614/79185c58/attachment-0001.obj"><tt><font size=2>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160614/79185c58/attachment-0001.obj</font></tt></a><tt><font size=2>><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Tue, 14 Jun 2016 12:40:14 +0200<br>
From: Antony Stone <Antony.Stone@squid.open.source.it><br>
To: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Squid not allowing HTTPS access<br>
Message-ID: <201606141240.15034.Antony.Stone@squid.open.source.it><br>
Content-Type: Text/Plain; charset="iso-8859-15"<br>
<br>
On Tuesday 14 June 2016 at 12:36:30, Nilesh Gavali wrote:<br>
<br>
> Team;<br>
> kindly help on below issue.<br>
<br>
Nilesh:<br>
kindly respond to my reply below.<br>
<br>
On Monday 13 June 2016 at 15:26:22, Antony Stone wrote:<br>
<br>
> On Monday 13 June 2016 at 15:01:02, Nilesh Gavali wrote:<br>
> > Facing issue while accessing HTTPS via squid, normal http traffic
working<br>
> > fine.<br>
> <br>
> Please define "issue", with as much detail as possible:<br>
> <br>
> - what exactly are you trying to do when a problem occurs?<br>
> <br>
> - have you previously been able to do this without the problem
occurring? <br>
> If so, what has changed between then and now (different squid config,<br>
> different squid version, different browser...)?<br>
> <br>
> - what is the actual problem (what error message is displayed,
if there is<br>
> one)?<br>
> <br>
> - what appears in your access.log when the problem occurs?<br>
> <br>
> - any other information you think might be relevant to us in
working out<br>
> what's happening on your network?<br>
> <br>
> > I have squid 3.1.10 on RHEL.6.0<br>
> <br>
> For HTTPS traffic in particular you are strongly advised to upgrade.<br>
> <br>
> <br>
> Regards,<br>
> <br>
> Antony.<br>
<br>
-- <br>
All generalisations are inaccurate.<br>
<br>
Please reply to the list;<br>
please *don't* CC me.<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 22, Issue 62<br>
*******************************************<br>
</font></tt>
<br>