[squid-users] Cannot access https site

Amos Jeffries squid3 at treenet.co.nz
Tue May 16 13:14:45 UTC 2017


On 16/05/17 19:54, Vieri wrote:
>
> Which "other configuration aspects are wrong", as you say? Are you 
> referring to "sslproxy_cert_error allow all" or are there more?

The "always_direct allow all" is wrong, you do not have cache_peer, and 
if you did, why would you prohibit using any of them for *all* traffic?

That "sslproxy_cert_error allow all" is the default, so useless to 
configure - but not exactly wrong, just a waste of CPU and memory 
setting up ACLs only to do nothing.

In a similar topic many of the request_header_access rules are checking 
for non-request headers (e.g. Title, WWW-Authenticate) or headers which 
are not relayed (e.g. all the Proxy-* ones).

> # squid -version Squid Cache: Version 3.5.14


On 16/05/17 05:25, Alex Rousskov wrote:
>
> (and use the latest v3.5 or later if you are doing SslBump, regardless 
> of what your OS packages for you).

The current release is 3.5.25 or 4.0.19. A lot has changed in the last 
year in terms of both TLS practices and how SSL-Bump works to fit with 
those.


Amos
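
An added example, not part of the original message and not Squid project code: a small Python lint over a squid.conf that flags two patterns pointed out above, "always_direct allow all" with no cache_peer defined, and request_header_access rules that name non-request or Proxy-* headers. The header sets, the function name and the sample config are constructed for illustration and are assumptions.

```python
# Assumed, illustrative header sets; extend them for your own policy.
# WWW-Authenticate and Title are the names given in the message above.
RESPONSE_ONLY = {"www-authenticate", "set-cookie", "server", "retry-after"}
NOT_HTTP = {"title"}

# Constructed sample configuration (not the poster's real squid.conf).
SAMPLE = """\
http_port 3128
always_direct allow all
request_header_access User-Agent allow all
request_header_access WWW-Authenticate allow all
request_header_access Title deny all
request_header_access Proxy-Connection allow all
request_header_access All deny all
"""

def lint_squid_conf(text):
    """Return sorted (line_no, message) findings for a squid.conf string."""
    findings, has_peer, direct_all = [], False, []
    for no, raw in enumerate(text.splitlines(), 1):
        # Simplification: treat everything after '#' as a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tok = line.split()
        directive, args = tok[0].lower(), tok[1:]
        if directive == "cache_peer":
            has_peer = True
        elif directive == "always_direct" and [a.lower() for a in args] == ["allow", "all"]:
            direct_all.append(no)
        elif directive == "request_header_access" and args:
            hdr = args[0].lower()
            if hdr in RESPONSE_ONLY or hdr in NOT_HTTP:
                findings.append((no, f"{args[0]}: not a request header"))
            elif hdr.startswith("proxy-"):
                findings.append((no, f"{args[0]}: Proxy-* header, not relayed"))
    # Only report always_direct when no cache_peer exists anywhere in the file.
    if not has_peer:
        findings += [(no, "always_direct allow all without any cache_peer")
                     for no in direct_all]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_squid_conf(SAMPLE):
        print(f"line {no}: {msg}")
```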


