
<div dir="auto"><div>I will try to look at it later on.</div><div dir="auto">From what I remember windows updates are using both http and https.</div><div dir="auto">The communication channel was encrypted but the transfer channel was plain http.</div><div dir="auto"><br></div><div dir="auto"><br></div><div><br></div><div data-smartmail="gmail_signature"><div dir="ltr">----<br>Eliezer Croitoru<br>Tech Support<br>Mobile: +972-5-28704261<br>Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a><br></div></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">בתאריך יום א׳, 16 במרץ 2025, 16:34, מאת Doug Tucker ‏<<a href="mailto:doug.tucker@navigaglobal.com">doug.tucker@navigaglobal.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div>

<div dir="auto">No, no one responded.</div>

<div id="m_-7342539788578360245ms-outlook-mobile-body-separator-line" dir="auto"><br>

</div>

<div id="m_-7342539788578360245ms-outlook-mobile-signature" dir="auto">

<div dir="auto">Doug Tucker</div>

<div dir="auto">Sr. Director of Networking and Linux Operations</div>

<div dir="auto"><a href="mailto:doug.tucker@navigaglobal.com" target="_blank" rel="noreferrer">doug.tucker@navigaglobal.com</a> </div>

</div>

<hr style="display:inline-block;width:98%">

<div id="m_-7342539788578360245divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> NgTech LTD <<a href="mailto:ngtech1ltd@gmail.com" target="_blank" rel="noreferrer">ngtech1ltd@gmail.com</a>><br>

<b>Sent:</b> Sunday, March 16, 2025 2:38:35 AM<br>

<b>To:</b> Doug Tucker <<a href="mailto:doug.tucker@navigaglobal.com" target="_blank" rel="noreferrer">doug.tucker@navigaglobal.com</a>><br>

<b>Cc:</b> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank" rel="noreferrer">squid-users@lists.squid-cache.org</a> <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" rel="noreferrer">squid-users@lists.squid-cache.org</a>><br>

<b>Subject:</b> Re: [squid-users] windows updates</font>

<div> </div>

</div>

<div>

<table border="0" cellspacing="0" cellpadding="0" width="100%" align="left" style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;border:0!important;display:table!important;width:100%!important;table-layout:fixed!important;border-collapse:seperate!important;float:none!important;border-spacing:0px 0px!important">

<tbody style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;display:block!important">

<tr style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important">

<td valign="middle" width="1px" bgcolor="#A6A6A6" cellpadding="7px 2px 7px 2px" style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;padding:7px 2px 7px 2px!important;background-color:#a6a6a6!important;width:0px!important">

</td>

<td valign="middle" width="100%" bgcolor="#EAEAEA" cellpadding="7px 5px 7px 15px" color="#212121" style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;width:100%!important;background-color:#eaeaea!important;padding:7px 5px 7px 15px!important;font-family:wf_segoe-ui_normal,Segoe UI,Segoe WP,Tahoma,Arial,sans-serif!important;font-size:12px!important;font-weight:normal!important;color:#212121!important;text-align:left!important;word-wrap:break-word!important">

<div style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important">

You don't often get email from <a href="mailto:ngtech1ltd@gmail.com" target="_blank" rel="noreferrer">ngtech1ltd@gmail.com</a>. <a href="https://aka.ms/LearnAboutSenderIdentification" style="background:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;opacity:revert!important" target="_blank" rel="noreferrer">

Learn why this is important</a> </div>

</td>

<td valign="middle" align="left" width="75px" bgcolor="#EAEAEA" cellpadding="7px 5px 7px 5px" color="#212121" style="background:revert!important;border:revert!important;color:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;width:75px!important;background-color:#eaeaea!important;padding:7px 5px 7px 5px!important;font-family:wf_segoe-ui_normal,Segoe UI,Segoe WP,Tahoma,Arial,sans-serif!important;font-size:12px!important;font-weight:normal!important;color:#212121!important;text-align:left!important;word-wrap:break-word!important">

</td>

</tr>

</tbody>

</table>

<div>

<table border="0" cellspacing="0" cellpadding="0" align="left" width=""100%"" style="width:100.0%">

<tbody>

<tr>

<td style="background:#910a19;padding:5.25pt 1.5pt 5.25pt 1.5pt"></td>

<td width=""100%"" cellpadding=""7px" color=""#212121"" style="width:100.0%;background:#fdf2f4;padding:5.25pt 3.75pt 5.25pt 11.25pt;word-wrap:break-word">

<div>

<p><span>Naviga WARNING: External email. Please verify sender before opening attachments or clicking on links.</span></p>

</div>

</td>

</tr>

</tbody>

</table>

<br>

<div>

<div dir="ltr">

<div>Hey,</div>

<div><br>

</div>

<div>Did you manage to find a solution for your use case?</div>

<div>Let me know if you need assistance with this issue.</div>

<div><br>

</div>

<div>Eliezer</div>

<div>

<div dir="ltr" data-smartmail="gmail_signature">

<div dir="ltr">----<br>

Eliezer Croitoru<br>

Tech Support<br>

Mobile: +972-5-28704261<br>

Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank" rel="noreferrer">ngtech1ltd@gmail.com</a><br>

</div>

</div>

</div>

<br>

</div>

<br>

<div>

<div dir="ltr">On Tue, Mar 4, 2025 at 1:57 AM Doug Tucker <<a href="mailto:doug.tucker@navigaglobal.com" target="_blank" rel="noreferrer">doug.tucker@navigaglobal.com</a>> wrote:<br>

</div>

<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div>

<div dir="ltr">

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

I have read through everything I can find on this subject but still cannot seem to get around the issue of windows updates not working through the squid transparent proxy.  No matter what I try I continue to see this in the cache log and windows update will

 not connect.</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

2025/03/03 23:26:55 kid5| Error negotiating SSL on FD 25: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

I tried adding the info from the following doc to no avail.</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<a href="https://wiki.squid-cache.org/SquidFaq/WindowsUpdate" id="m_-7342539788578360245x_m_288323372412584365LPlnk" target="_blank" rel="noreferrer">https://wiki.squid-cache.org/SquidFaq/WindowsUpdate</a></div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

The relevant parts of my squid.conf:</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

#Handling HTTPS requests</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl SSL_port port 443</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

http_access allow SSL_port</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl allowed_https_sites ssl::server_name "/etc/squid/allowed-sites.txt"</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl step1 at_step SslBump1</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl step2 at_step SslBump2</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl step3 at_step SslBump3</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump peek step1 all</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump peek step2 allowed_https_sites</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump splice step3 allowed_https_sites</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump terminate step2 all</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

#windows update</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl DiscoverSNIHost at_step SslBump1</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump splice NoSSLIntercept</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump peek DiscoverSNIHost</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

ssl_bump bump all</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

I ran tcpdump and added every url i could find to the allowed-sites.txt and added the 2 sites recommended tot he url.nobump.  If anyone has gotten this to work any help would be appreciated. </div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">

<br>

</div>

<div id="m_-7342539788578360245x_m_288323372412584365Signature" style="color:inherit">

<div id="m_-7342539788578360245x_m_288323372412584365divtagdefaultwrapper" dir="ltr" style="background-color:rgb(255,255,255);color:inherit">

<div style="background-color:rgb(255,255,255);margin:0px">

<p style="text-align:left;line-height:11.55pt;background-color:white;margin:0in;font-size:11pt">

<span style="font-family:Calibri,sans-serif;color:black"><b>Doug Tucker</b><br>

Sr. Director of Networking and Linux Operations</span></p>

<p style="text-align:left;line-height:15.4px;background-color:white;margin:0in;font-size:11pt">

<span style="font-family:Calibri,sans-serif;color:black"><b>o:</b> 817.975.5832  <br>

<b>e: </b><a href="mailto:doug.tucker@navigaglobal.com" target="_blank" rel="noreferrer">doug.tucker@navigaglobal.com</a>  </span></p>

<p style="text-align:left;line-height:15.4px;background-color:white;margin:0in;font-size:11pt">

<span style="font-family:Calibri,sans-serif;color:rgb(0,0,0)"><br>

</span></p>

<div style="background-color:white;margin:0px 0in">

<p style="text-align:left;line-height:15.4px;font-family:"Times New Roman";font-size:12pt">

<span style="color:rgb(0,0,0)">Newscycle Solutions is now Naviga. Learn more.</span></p>

<p style="text-align:left;line-height:15.4px;font-family:"Times New Roman";font-size:12pt">

<span style="color:rgb(0,0,0)"><br>

</span></p>

<p style="text-align:left;line-height:15.4px;font-family:"Times New Roman";font-size:12pt">

<span style="color:rgb(0,0,0)">CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If

 you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient,

 you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibite</span></p>

<div style="text-align:justify;line-height:15.4px;font-family:Calibri,sans-serif;font-size:11pt;color:rgb(0,0,0)">

<br>

</div>

</div>

</div>

</div>

</div>

</div>

_______________________________________________<br>

squid-users mailing list<br>

<a href="mailto:squid-users@lists.squid-cache.org" target="_blank" rel="noreferrer">squid-users@lists.squid-cache.org</a><br>

<a href="https://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer noreferrer" target="_blank">https://lists.squid-cache.org/listinfo/squid-users</a><br>

</div>

</blockquote>

</div>

</div>

</div>

</div>

</div>


</blockquote></div>