[squid-users] HSTS and HPKP

Gordon Hsiao capcoding at gmail.com
Fri Jul 27 04:10:51 UTC 2018


I'm running squid4.1 interception peek+splice mode.

Some sites with HSTS(max-age=0) will not work whenever squid is on, HSTS
max-age=0 is supposed to turn off HSTS, but chrome/firefox will keep
redirecting https<-->http until it failed(too many redirects). Once Squid
is removed all is good.

I also searched various lists and squid's website, it's still unclear to
me, for intercept proxy, can Squid deal with HSTS reliably these days?

A similar questions is HPKP, or the pinning certificate, can Squid 4.1
handle that?

When no HSTS/HPKP is involved, it seems all sites work well.

Gordon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180726/25ed7834/attachment.html>


More information about the squid-users mailing list