[squid-users] Enable SSL bump

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 24 01:35:32 UTC 2017


[ Please reply to the list, not to me personally. ]

On 24/01/2017 11:54 a.m., Mustafa Mohammad wrote:
> I'm using 3.5.23 version. My problem is that I'm trying to hit our
> regression server and after doing research, I found that SSL bump might
> work for me but I'm not sure.

We (the squid-users list people) can probably answer that. But will need
to know a bit more details about what exactly your situation is.

I have been assuming that by "regression" you actually mean "legacy
server" - as in; 'a server running old software'. Is that correct?

If so, then the CRL check failing usually means that the CA who issued
that certificate has formally published an advisory (CRL) indicating
that certificate as invalid and must never be used again. Why can't you
just change the cert?


> When my config file is not doing a crl check,
> I was able to hit the server but I can't hit the server if my crlcheck is
> set to yes. I'm very new to squid.

Okay. Sounds like you just need to disable the some checks. But lets put
that aside until its clear whether Squid is the right solution for your
need.

Amos



More information about the squid-users mailing list