[squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)
HaxNobody
nobody at hushmail.com
Wed Nov 26 17:03:01 UTC 2014
Thanks for the reply. I'm aware of pinning, but this problem is happening on
small and/or insignificant sites that are certainly not pinned, as well as
the larger sites. In addition, our clients are not getting errors due to
pinning on our existing proxy setup, so we're doing something correctly
there.
Unfortunately, the squid version that I have is something that I can't
change, because it's supplied on a hardware appliance by our vendor. I can
try to get them to update it, but I don't think I will get very far. As it
is, they have done some extensive custom configuration for us, specifically
relating to the ability to use both HTTP and HTTPS traffic over the same
port while retaining full SSL interception capabilities.
The annoying thing is that none of the browsers I am using will give me any
useful information as to why they are hating my setup. I don't really know
the best way to validate the output of my proxy server. Openssl would seem
like a good place to start - is there any way to tell it to use a proxy when
I want to try using the s_client feature and see how the certificate
validates?
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Existing-root-certificate-not-working-with-SSL-Bump-squid-3-3-10-tp4668515p4668526.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list