<html>
<head>
<meta http-equiv="content-type" content: text/html; charset=utf-8>
</head>
<body>
<div id="chromeclipboard" class="selectable">Squid 3.5.25 +
Squidclamav(c-icap) + SquidGuard<br>
Here are the logs with SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by
debug_options ALL,1 11,2 and 61,5 <br>
<a
href="https://mega.nz/#!dIdAkYra!aVEg07Sc9OxRwYiRAPk49dwegr2r-sdX2u73btEdDVk">https://mega.nz/#!dIdAkYra!aVEg07Sc9OxRwYiRAPk49dwegr2r-sdX2u73btEdDVk</a><br>
<br>
Here the squid.conf & squidguard.conf<br>
<a
href="https://pastebin.com/v2LA8CcR">https://pastebin.com/v2LA8CcR</a><br>
</div>
<br>
<br>
<span style="color: gray;">05/31/17 09:10:39, Andi <<a
href="mailto:andreas.lauterbach76@gmx.de">andreas.lauterbach76@gmx.de</a>>:</span><br>
<blockquote style="border-left: 1px solid rgb(204, 204, 204);margin: 0 0 0
0.8ex;padding: 1ex 0 0 1ex;">
Thank you again,<br>
<br>
It was all working together with "ssl_bump server-first all" optin for
squidclamav(c-icap) and squidGuard 1.5 for Squid v 3.48 packages at debian
jessie<br>
Now after installing new Squid 3.5.25 with splice/peek support, its all
working except of ssl websites.<br>
I 'll reproduce the SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by
debug_options ALL,1 11,2 and 61,5 enabled and post here full access and
cache logs.<br>
<br>
<br>
<span style="color: gray;">05/31/17 02:31:42, Amos Jeffries <<a
href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>>:</span><br>
<blockquote style="border-left: 1px solid rgb(204, 204, 204);margin: 0 0 0
0.8ex;padding: 1ex 0 0 1ex;">On 30/05/17 21:55, Andi wrote:<br>
> Thank you for all your suggestions Mister.<br>
><br>
> I improved my conf by them and disabled squidguard for testing and its
<br>
> working now fine without squidguard.<br>
> So I need to investigate why squidguard won't run with https sites on
<br>
> v 3.5.25<br>
><br>
> squidGuard -v<br>
> SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013)<br>
><br>
> How can I find out what happens between Squid, SquidGuard at debian
<br>
> and Firefox at client side ?<br>
<br>
The Squid<->Firefox is all HTTP so for that debug_options 11,2.<br>
That will also show you any of the HTTP to servers if it is involved.<br>
<br>
For the redirector debug_options 61,5<br>
<br>
<br>
<br>
><br>
> I tried echo tests locally with squidguard but it only shows ERR <br>
> results with https sites.<br>
> Http sites are working well as expected with squidguard<br>
<br>
I'm not entirely surprised by that. SG has not been maintained since <br>
before Squid was handling <a href="https://">https://</a> on a regular
basis. So it may simply <br>
be not able to process that type of URL.<br>
<br>
<br>
Squid can now do a lot of what SG was useful for. But if you really <br>
still need SG for something perhapse you should try using the ufdbguard
<br>
helper instead. It is essentially a drop-in replacement but has extra <br>
features for a lot more modern traffic handling and has active support.<br>
<br>
Amos<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a
href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote>
</body>
</html>