[squid-users] sahibinden.com fails with https bump
turgut kalfaoğlu
turgut at kalfaoglu.com
Tue May 10 10:34:02 UTC 2016
Hello everyone..
My setup -- this is for speeding up the home ADSL..
https_port 3129 intercept ssl-bump \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem
sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 20 startup=3 idle=1
ssl_bump server-first all
This works well for facebook, gmail, google, and probably others..
But https://sahibinden.com , whatever they are doing fails - the page
appears broken.
I tried broken_sites acl trick, did not help.
acl broken_sites ssl::server_name .sahibinden.com
acl broken_sites ssl::server_name image5.sahibinden.com
acl broken_sites ssl::server_name .shbdn.com
ssl_bump none broken_sites
Does anyone have any ideas what else I can try?
Many thanks, -tk
More information about the squid-users
mailing list