<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=gb18030">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>In practice POST url always better to get splice. This prevents
      much errors.<br>
    </p>
    <p>SSL3_GET_SERVER_CERTIFICATE itself means that some client
      application trying to establish secure connection uses old SSLv3
      protocol. This applications also better to splice, if not possible
      to upgrade applications (often it is not possible).<br>
    </p>
    <br>
    <div class="moz-cite-prefix">11.12.2017 7:06, G~D~Lunatic пишет:<br>
    </div>
    <blockquote type="cite"
      cite="mid:tencent_C3FDC8758E0F1D0E5D8F8F98217B55C36805@qq.com">
      <table style="width: 99.8%; ">
        <tbody>
          <tr>
            <td id="QQMAILSTATIONERY"
style="background:url(https://rescdn.qqmail.com/zh_CN/htmledition/images/xinzhi/bg/a_02.jpg)
              no-repeat #fffaf6; min-height:550px; padding:100px 55px
              200px 100px; "><span class="tgt" data-group="0-0"
                style="box-sizing: border-box; line-height: 20px; color:
                rgb(46, 48, 51); font-family: Arial, 'Microsoft YaHei',
                微软雅黑, 宋体, 'Malgun Gothic', Meiryo, sans-serif;
                font-size: 12px; font-style: normal; font-variant:
                normal; font-weight: normal; letter-spacing: normal;
                orphans: auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                background-color: rgb(238, 240, 242);"></span><span
                class="tgt highlight" data-group="0-1"
                style="box-sizing: border-box; line-height: 20px;
                background-color: rgb(238, 238, 238); color: rgb(51,
                133, 255); font-family: Arial, 'Microsoft YaHei', 微软雅黑,
                宋体, 'Malgun Gothic', Meiryo, sans-serif; font-size:
                12px; font-style: normal; font-variant: normal;
                font-weight: normal; letter-spacing: normal; orphans:
                auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                background-position: initial initial; background-repeat:
                initial initial;"></span> my squid is a transparent
              proxy. <br>
              when i use WeChat client upload file or picture, it
              failed.<br>
              the access.log shows that<br>
              1512953345.798     75 192.168.51.15 TAG_NONE/200 0 CONNECT
              111.206.23.97:443 - ORIGINAL_DST/111.206.23.97 -<br>
              1512953345.805      0 192.168.51.15 TAG_NONE/503 4380 POST
              <a class="moz-txt-link-freetext" href="https://msg.71.am/v5/ypt/hcdn_multicurl">https://msg.71.am/v5/ypt/hcdn_multicurl</a> - HIER_NONE/-
              text/html<br>
              1512953349.713     10 192.168.51.15 TAG_NONE/200 0 CONNECT
              101.226.152.108:443 - HIER_NONE/- -<br>
              1512953350.931     10 192.168.51.15 TAG_NONE/200 0 CONNECT
              123.151.76.49:443 - HIER_NONE/- -<br>
              1512953354.059     11 192.168.51.15 TAG_NONE/200 0 CONNECT
              123.151.76.49:443 - HIER_NONE/- -<br>
              <br>
              i used wireshark catch the package, Encrypted Alert was
              shown.<br>
              i want to know where the problem or how i can do.<br>
              Here is my configure<br>
              <br>
              https_port 192.168.51.200:3129 intercept ssl-bump
              connection-auth=off generate-host-certificates=on
              dynamic_cert_mem_cache_size=4MB
              cert=/usr/local/squid/ssl_cert/myCA.pem
              key=/usr/local/squid/ssl_cert/myCA.pem
              options=NO_SSLv3,NO_SSLv2<br>
              <br>
              <br>
              acl broken_sites ssl::server_name matchweb.sports.qq.com<br>
              acl ssl_step1 at_step SslBump1<br>
              acl ssl_step2 at_step SslBump2<br>
              acl ssl_step3 at_step SslBump3<br>
              ssl_bump splice broken_sites<br>
              #ssl_bump splice all<br>
              ssl_bump stare ssl_step1<br>
              ssl_bump bump ssl_step2<br>
              ssl_bump terminate ssl_step3<br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
              <br>
            </td>
          </tr>
        </tbody>
      </table>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
"Some people, when confronted with a problem, think «I know, I'll use regular expressions.» Now they have two problems."
--Jamie Zawinsk

**************************
* C++: Bug to the future *
**************************</pre>
  </body>
</html>