<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb18030">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>In practice POST url always better to get splice. This prevents
much errors.<br>
</p>
<p>SSL3_GET_SERVER_CERTIFICATE itself means that some client
application trying to establish secure connection uses old SSLv3
protocol. This applications also better to splice, if not possible
to upgrade applications (often it is not possible).<br>
</p>
<br>
<div class="moz-cite-prefix">11.12.2017 7:06, G~D~Lunatic пишет:<br>
</div>
<blockquote type="cite"
cite="mid:tencent_C3FDC8758E0F1D0E5D8F8F98217B55C36805@qq.com">
<table style="width: 99.8%; ">
<tbody>
<tr>
<td id="QQMAILSTATIONERY"
style="background:url(https://rescdn.qqmail.com/zh_CN/htmledition/images/xinzhi/bg/a_02.jpg)
no-repeat #fffaf6; min-height:550px; padding:100px 55px
200px 100px; "><span class="tgt" data-group="0-0"
style="box-sizing: border-box; line-height: 20px; color:
rgb(46, 48, 51); font-family: Arial, 'Microsoft YaHei',
微软雅黑, 宋体, 'Malgun Gothic', Meiryo, sans-serif;
font-size: 12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(238, 240, 242);"></span><span
class="tgt highlight" data-group="0-1"
style="box-sizing: border-box; line-height: 20px;
background-color: rgb(238, 238, 238); color: rgb(51,
133, 255); font-family: Arial, 'Microsoft YaHei', 微软雅黑,
宋体, 'Malgun Gothic', Meiryo, sans-serif; font-size:
12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-position: initial initial; background-repeat:
initial initial;"></span> my squid is a transparent
proxy. <br>
when i use WeChat client upload file or picture, it
failed.<br>
the access.log shows that<br>
1512953345.798 75 192.168.51.15 TAG_NONE/200 0 CONNECT
111.206.23.97:443 - ORIGINAL_DST/111.206.23.97 -<br>
1512953345.805 0 192.168.51.15 TAG_NONE/503 4380 POST
<a class="moz-txt-link-freetext" href="https://msg.71.am/v5/ypt/hcdn_multicurl">https://msg.71.am/v5/ypt/hcdn_multicurl</a> - HIER_NONE/-
text/html<br>
1512953349.713 10 192.168.51.15 TAG_NONE/200 0 CONNECT
101.226.152.108:443 - HIER_NONE/- -<br>
1512953350.931 10 192.168.51.15 TAG_NONE/200 0 CONNECT
123.151.76.49:443 - HIER_NONE/- -<br>
1512953354.059 11 192.168.51.15 TAG_NONE/200 0 CONNECT
123.151.76.49:443 - HIER_NONE/- -<br>
<br>
i used wireshark catch the package, Encrypted Alert was
shown.<br>
i want to know where the problem or how i can do.<br>
Here is my configure<br>
<br>
https_port 192.168.51.200:3129 intercept ssl-bump
connection-auth=off generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/ssl_cert/myCA.pem
key=/usr/local/squid/ssl_cert/myCA.pem
options=NO_SSLv3,NO_SSLv2<br>
<br>
<br>
acl broken_sites ssl::server_name matchweb.sports.qq.com<br>
acl ssl_step1 at_step SslBump1<br>
acl ssl_step2 at_step SslBump2<br>
acl ssl_step3 at_step SslBump3<br>
ssl_bump splice broken_sites<br>
#ssl_bump splice all<br>
ssl_bump stare ssl_step1<br>
ssl_bump bump ssl_step2<br>
ssl_bump terminate ssl_step3<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</td>
</tr>
</tbody>
</table>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
"Some people, when confronted with a problem, think «I know, I'll use regular expressions.» Now they have two problems."
--Jamie Zawinsk
**************************
* C++: Bug to the future *
**************************</pre>
</body>
</html>