[squid-users] squid 4.0.19 error with certificates
marco
thesnable at gmail.com
Mon May 1 09:16:10 UTC 2017
Thanks. What means drop byte hit? I just wanna bump a few sites, and pass the rest. Why isnt that a good solution? Is it bad form
performance?
[marco - Contact Using Hop](http://GetHop.com/?_hmid=1493630170)
On May 1, 2017 at 9:13 GMT, Yuri <yvoinov at gmail.com> wrote:
Sorry, this is not solution. All https spliced means for me catastrophyc drop byte hit. I knew about this wrkarnd from the beginning. But this is unacceptable.
At maximum this is temporary workaround.
01.05.2017 15:10, marco пишет:
solution:
all monitoredsites, m1 m2 are bumped correctly
all others are spliced
squid4
this works great. just contact me for questions.
acl monitoredSites ssl::server_name_regex -i (phncdn|ypncdn|heise|rncdn|youporn)
acl m1 ssl::server_name_regex -i \.youporn\.com
acl m2 ssl::server_name_regex -i \.rncdn7\.com
ssl_bump stare m1
ssl_bump stare m2
ssl_bump stare monitoredSites
ssl_bump peek !m1 !m2 !monitoredSites
#ssl_bump splice step3 !m1 !m2
ssl_bump bump m1
ssl_bump bump m2
ssl_bump bump monitoredSites
ssl_bump splice !m1 !m2 !monitoredSites
[marco - Contact Using Hop](http://GetHop.com/?_hmid=1493629813)
On April 30, 2017 at 13:35 GMT, Yuri Voinov <yvoinov at gmail.com> wrote:
Check this. It seems this is the issue:
http://bugs.squid-cache.org/show_bug.cgi?id=4711
30.04.2017 12:02, snable snable пишет:
hello
i am using squid on a external box.
i forward all traffic from my openwrt router to it
htto works fine
https with youtube app doesnt work
i get:
Error negotiating SSL connection on FD 73: error:14094416
:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown (1/0)
errors
other sites work well so far
i heard that squid4 auto downloads intermediate certificates.. maybe thats the issue?
i workarounded this with a white list of sites that work. but i wanna rollout this for all sites. (also see my other question)
thanks!
_______________________________________________ squid-users mailing list squid-users at lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
--
Bugs to the Future
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170501/399a6e8d/attachment.html>
More information about the squid-users
mailing list