[squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)

Eliezer Croitoru eliezer at ngtech.co.il
Wed Oct 5 14:42:59 UTC 2016


First goes first is to restart the client machine to verify that the certificate is installed.
If you want a list of "banned" ssl sites you will need to do some research on your clients needs...
Nobody can do your work for you without knowing your "thing".
The overall slow down is from both sites that are probably trying to encrypt but it's still not something you cannot do without any system policy.
If you have a regulation policy on encrypted traffic you will be able to force your clients first and allow later.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile+WhatsApp: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: Linda W [mailto:squid-user at tlinx.org] 
Sent: Sunday, October 2, 2016 10:00 AM
To: Eliezer Croitoru
Cc: squid-users at lists.squid-cache.org
Subject: Re: --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)

Eliezer Croitoru wrote:
> Hey Linda,
> 
> If you need some help later we are here for any advice.
> Can you say on what OS are you compiling the software?
---
	opensuse 13.2

I have to see what else is needed (if anything).  I already
imported the squid-cert into my browser, but not sure if it
is bumping anything or not.

What I'd like to do is create a list of ssl-"banned" connections
where it can store objects from those sessions into the cache under
plaintext names so for those sites I can regain squid-caching that
is shareable between different sessions.

Right now, due to the ssl-junkies (those who want everything
encrypted because it hides their streams from user eyes), 
it seems that many objects that used to be cached, now, 
can't be cached because they are part of a 
TUNNEL where individual objects are no longer discernible.

I've noticed an overall slowdown of websites due to the 
slowdown from encrypting & decrypting as well as not being
able to cache commonly used items.










More information about the squid-users mailing list