<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <br>
    <div class="moz-cite-prefix">Em 16/10/2018 02:46, Timur Lagutenko
      escreveu:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAKK+L1cX9Xau0NivY1YobYrT27csuPK-p-FV5UtZUKbf_PH_UQ@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div class="gmail-gE gmail-iv gmail-gt" style="padding:20px 0px
0px;font-size:12.8px;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif"><span
style="font-family:Arial,Helvetica,sans-serif;font-size:small">Hello
            friends,</span><br>
        </div>
        <div class="gmail-"
style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:medium">
          <div id="gmail-:m7" class="gmail-ii gmail-gt"
            style="font-size:12.8px;direction:ltr;margin:8px 0px
            0px;padding:0px">
            <div id="gmail-:s6" class="gmail-a3s gmail-aXjCH"
              tabindex="-1"
style="overflow:hidden;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:small;line-height:1.5;font-family:Arial,Helvetica,sans-serif">
              <div dir="ltr">
                <div dir="ltr">
                  <div><br>
                  </div>
                  <div>recently I've updated my freebsd gateway.</div>
                  <div>from 11.1 to 11.2.</div>
                  <div>also I've updated squid form 3.5 to 4.1</div>
                  <div>i have no transparency, no ssl-bump/splice etc..</div>
                  <div>simple installation.</div>
                  <div>browser is configured to use proxy.</div>
                  <div>squid configuration is default.</div>
                  <div>everything works fine except <a
                      href="http://youtube.com/" target="_blank"
                      moz-do-not-send="true">youtube.com</a></div>
                  <div>Browser freezes on "trying to set secure
                    connection", and after gives time-out error.</div>
                  <div>i've also tied to downgrade squid back to 3,5</div>
                  <div>no success.</div>
                  <div><br>
                  </div>
                  <div>nothing strange in logs</div>
                  <div>1539668124.660  30055 192.168.0.104
                    TCP_TUNNEL/200 39 CONNECT <a
                      href="http://www.youtube.com:443/" target="_blank"
                      moz-do-not-send="true">www.youtube.com:443</a> -
                    HIER_DIRECT/<a href="http://74.125.232.167/"
                      target="_blank" moz-do-not-send="true">74.125.232.167</a> -<br>
                  </div>
                  <div><br>
                  </div>
                  <div>dns is the same as for a client as for a squid.</div>
                  <div>other sites works fine.</div>
                  <div>if i give direct access (without squid - direct
                    NAT) - youtube is working.</div>
                  <div>any ideas?</div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    Hello Timur.<br>
    Are you certain it isn't a firewall/routing/port issue?<br>
    My guess is that the clients are being directed to an incorrect
    destination (or being dropped) specially because the time-out error.<br>
    I don't think Squid would consider YouTube different than any other
    website if you didn't told it to do so. Maybe there's a leftover
    rule somewhere in your firewall? Remember that it should contain
    INPUT and OUTPUT rules for Squid rather than FORWARD.<br>
    <br>
    Good luck.<br>
  </body>
</html>