[squid-users] Chrome 67 Issue with SSL Bump
Amit Pasari - XS INFOSOL Inc. USA
amit at xsinfosol.com
Wed Jun 27 17:55:22 UTC 2018
On 6/27/18 11:20 PM, Amit Pasari - XS INFOSOL Inc. USA wrote:
> Dear Walter ,
>
> I use
>
> sslproxy_cert_sign_hash sha256
>
> and use a SHA-256 certificate
>
> The result is still the same .
>
> "NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM"
>
> Also one more thing , when i open yahoo.com with any of those
> certificates in CHROME , the content of yahoo comes inline i,e without
> any CSS etc ...
>
> One more strange thing i noticed , when i browse using Firefox ,
> safari , IE , all URLs are coming in squid/access.log where as when i
> use CHROME only few IPs comes in access logs with CONNECT on 443 .
>
> I also noticed with using CHROME the below type of requests :
> POST
> http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
>
>
> Amit
>
>
> On 6/26/18 11:25 PM, Amit Pasari - XS INFOSOL Inc. USA wrote:
>> Let me try the below solution , but if thats the case it shouldn't
>> work with other browsers as well , what i think is chrome is either
>> not reading my cert or rejecting it .
>>
>> Unsure .
>>
>> Amit
>>
>> On 6/26/18 10:38 PM, Walter H. wrote:
>>> On 26.06.2018 19:03, Amit pasari wrote:
>>>> Dear Walter
>>>> I have tried with both SHA1 and SHA256 cert .
>>>>
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Jun 26, 2018, at 9:43 PM, Walter H. <Walter.H at mathemainzel.info
>>>> <mailto:Walter.H at mathemainzel.info>> wrote:
>>>>
>>>>> On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote:
>>>>>>
>>>>>> I am using squid in transparent mode . Everything working fine in
>>>>>> Firefox and IE after i have imported the certificate in both the
>>>>>> browser , but in Chrome 67 version on Windows 10 i am facing the
>>>>>> below issue
>>>>>>
>>>>>> NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
>>>>>>
>>>>>> When i open https://facebook.com , https://linkedin.com etc .
>>>>>>
>>>>>> I am clueless on the same now .
>>>>>>
>>>>>> Amit
>>>>>>
>>>>> Have you generated a SHA1 or SHA-256 certificate?
>>>>>
>>>>> Walter
>>>>>
>>> can you try this:
>>>
>>> sslproxy_cert_sign_hash sha256
>>>
>>> and use a SHA-256 certificate
>>>
>>> Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/6c40b5d3/attachment-0001.html>
More information about the squid-users
mailing list