<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">FYI</font></p>
<p><font face="Calibri">Squid Object Cache: Version 6.8-VCS<br>
Build Info: GIT V6.8 commit 4bee0c8</font></p>
<p><font face="Calibri">Could you please somehow elaborate how this
seems to be working?</font></p>
<p>acl SquidSecureConnectFail squid_error ERR_SECURE_CONNECT_FAIL<br>
acl SquidTLSErrorConnect ssl_error SQUID_TLS_ERR_CONNECT<br>
</p>
<p>#tunnel all for connection errors<br>
on_unsupported_protocol tunnel SquidTLSErrorConnect<br>
on_unsupported_protocol tunnel SquidSecureConnectFail</p>
<p>Is it a good or bad attempt? As I put redir.netcentrum.cz as an
example in my first post - now it seems to just request
TCP_MISS/200 815 GET <a class="moz-txt-link-freetext"
href="http://redir.netcentrum.cz/">http://redir.netcentrum.cz/</a>?
- ORIGINAL_DST/46.255.231.158 text/html -. I do not think my
chrome just decided this site is http only and call it like this
forever. I just did not see more SSL errors till yesterday . I do
not say I haven't seen any (during some fairly short period) -
such as SSL version errors, TLS inappropiate fallbacks, broken
certs, no common ciphers etc. - but now I could not find a site
that does not work (for me) - I have to ask my users. Anyway -
squid seemed to have slight problems downloading intermediate
certificates - to work properly - so I had to create a collection
of several ones for myself (and some root certificates too - for
example from MS WU site etc.) - but this could be just trouble
with my Debian underlaying distro. (BTW I've alerady implemented
transaction_initiator certificate-fetching acl and have
http_access line for it)<br>
</p>
<font face="Calibri">L</font>
<p></p>
<div class="moz-cite-prefix">Dne 03.04.2024 v 17:05 Alex Rousskov
napsal(a):<br>
</div>
<blockquote type="cite"
cite="mid:e8845677-fe34-439a-9bfe-4a0b2aa3461a@measurement-factory.com">On
2024-04-03 02:14, Loučanský Lukáš wrote:
<br>
<br>
<blockquote type="cite">this has recently started me up more then
let it go. For a while
<br>
chrome is upgrading in-page links to https.
<br>
</blockquote>
Just to add two more pieces of related information to this thread:
<br>
<br>
Some Squid admins report that their v6-based code does not suffer
from this issue while their v5-based code does. I have not
verified those reports, but there may be more to the story here.
What Squid version are _you_ using?
<br>
<br>
One way to track progress with this annoying and complex issue is
to follow the following pull request. The current code cannot be
officially merged as is, and I would not recommend using it in
production (because of low-level bugs that will probably crash
Squid in some cases), but testing it in the lab and providing
feedback to authors may be useful:
<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/squid-cache/squid/pull/1668">https://github.com/squid-cache/squid/pull/1668</a>
<br>
<br>
HTH,
<br>
<br>
Alex.
<br>
<br>
_______________________________________________
<br>
squid-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.squid-cache.org/listinfo/squid-users">https://lists.squid-cache.org/listinfo/squid-users</a>
<br>
</blockquote>
</body>
</html>