[squid-users] a decent way to speed up Facebook?

turgut kalfaoğlu turgut at kalfaoglu.com
Tue Sep 4 16:44:43 UTC 2018


Hello there. I have a transparent squid at my home to speed up the 
browsing by caching stuff.  And it works well for HTTP.

For HTTPS, I was only able to get it to "peek" and I'd like to be able to 
bump the connections.

I installed the server certificate on the client, but still, the browser 
(firefox) keeps complaining:

Your connection is not secure
The owner of www.facebook.com has configured their website improperly. 
To protect your information from being stolen, Firefox has not connected 
to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that 
Firefox may only connect to it securely. As a result, it is not possible 
to add an exception for this certificate.

Here is what I have:
#
# serverIsBank is a list of domains that are banks essentially. They seem more picky.
#
ssl_bump splice serverIsBank
ssl_bump peek all
# ssl_bump bump all    # this does not work, it gives the error above..

https_port 3129 intercept ssl-bump \
         generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
         cert=/etc/squid/ssl_cert/tk2ca.pem key=/etc/squid/ssl_cert/tk2ca.pem \
         sslflags=NO_SESSION_REUSE
tls_outgoing_options cafile=/etc/pki/tls/certs/ca-bundle.crt
sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
sslproxy_cert_error allow all
sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/ssl_db -M $
sslcrtd_children 50 startup=5 idle=5


Thanks, -turgut

