[squid-users] squid 4.0.19 error with certificates

Yuri yvoinov at gmail.com
Mon May 1 11:38:29 UTC 2017


Byte hit is caching related. This is most important functionality for me.


01.05.2017 15:16, marco пишет:
> Thanks. What means drop byte hit? I just wanna bump a few sites, and 
> pass the rest. Why isnt that a good solution? Is it bad form
> performance?
It disables HTTPS caching completely.
>
> marco- Contact Using Hop <http://GetHop.com/?_hmid=1493630170>
>
>
> On May 1, 2017 at 9:13 GMT, Yuri <yvoinov at gmail.com 
> <mailto:yvoinov at gmail.com>> wrote:
>
>
>     Sorry, this is not solution. All https spliced means for me
>     catastrophyc drop byte hit. I knew about this wrkarnd from the
>     beginning. But this is unacceptable.
>
>     At maximum this is temporary workaround.
>
>
>     01.05.2017 15:10, marco пишет:
>>     solution:
>>     all monitoredsites, m1 m2 are bumped correctly
>>     all others are spliced
>>     squid4
>>
>>     this works great. just contact me for questions.
>>
>>
>>     acl monitoredSites ssl::server_name_regex -i
>>     (phncdn|ypncdn|heise|rncdn|youporn)
>>
>>     acl m1 ssl::server_name_regex -i \.youporn\.com
>>
>>     acl m2 ssl::server_name_regex -i \.rncdn7\.com
>>
>>     ssl_bump stare m1
>>     ssl_bump stare m2
>>     ssl_bump stare monitoredSites
>>     ssl_bump peek !m1 !m2 !monitoredSites
>>     #ssl_bump splice step3 !m1 !m2
>>     ssl_bump bump m1
>>     ssl_bump bump m2
>>     ssl_bump bump monitoredSites
>>     ssl_bump splice !m1 !m2 !monitoredSites
>>
>>     marco- Contact Using Hop <http://GetHop.com/?_hmid=1493629813>
>>
>>
>>     On April 30, 2017 at 13:35 GMT, Yuri Voinov <yvoinov at gmail.com
>>     <mailto:yvoinov at gmail.com>> wrote:
>>
>>
>>         Check this. It seems this is the issue:
>>
>>         http://bugs.squid-cache.org/show_bug.cgi?id=4711
>>
>>
>>         30.04.2017 12:02, snable snable пишет:
>>>         hello
>>>
>>>         i am using squid on a external box.
>>>         i forward all traffic from my openwrt router to it
>>>         htto works fine
>>>         https with youtube app doesnt work
>>>         i get:
>>>
>>>          Error negotiating SSL connection on FD 73: error:14094416
>>>         :SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>>>         unknown (1/0)
>>>
>>>         errors
>>>
>>>         other sites work well so far
>>>
>>>         i heard that squid4 auto downloads intermediate
>>>         certificates.. maybe thats the issue?
>>>
>>>         i workarounded this with a white list of sites that work.
>>>         but i wanna rollout this for all sites. (also see my other
>>>         question)
>>>
>>>         thanks!
>>>
>>>
>>>
>>>         _______________________________________________
>>>         squid-users mailing list
>>>         squid-users at lists.squid-cache.org
>>>         http://lists.squid-cache.org/listinfo/squid-users
>>
>>         -- 
>>         Bugs to the Future
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170501/583f1701/attachment-0001.html>


More information about the squid-users mailing list