[squid-users] chromium based browsers don't play a video, when sslbump is enabled

Dieter Bloms squid.org at bloms.de
Wed Jan 20 16:01:13 UTC 2021 

Hello Eliezer,

I've tested with chrome 87.0.4280.141 and Edge 87.0.664.75.

On Wed, Jan 20, Eliezer Croitoru wrote:

> It's not clear if only Chromium or also a simple Chrome.
> 
> Thanks,
> Eliezer
> 
> ----
> Eliezer Croitoru
> Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
> Zoom: Coming soon
> 
> 
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Dieter Bloms
> Sent: Wednesday, January 20, 2021 1:26 PM
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] chromium based browsers don't play a video, when sslbump is enabled
> 
> Hello,
> 
> I use squid 4.13 with enabled sslbump.
> Chromium based browsers like chrome and edge don't play this video
> https://admin.wissen-ad.de/storage/TEST/Big_Buck_Bunny_1080_10s_30MB.mp4
> The firefox browser and the old internet explorer have no problems.
> 
> When I disable sslbumping for this destination the chromium based
> browsers work as well.
> 
> Here are some parts of my config:
> 
> --snip--
> http_port MYIP:8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=32MB cert=/etc/squid/cert.pem key=/etc/squid/key.pem tls-dh=/etc/squid/dhparams.pem
> sslcrtd_program /usr/sbin/security_file_certgen -s /var/cache/squid/sslcert_db -M 32MB
> sslcrtd_children 32 startup=10 idle=3
> tls_outgoing_options capath=/etc/ssl/certs min-version=1.2
> tls_outgoing_options cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA:AES256-SHA:AES128-SHA:@SECLEVEL=1
> 
> acl nobumping dstdomain "/etc/squid/nohttpsscan.domains"
> ssl_bump splice nobumping
> ssl_bump bump all
> --snip--
> 
> with wget or curl I can download the mp4 file in both cases (with and without sslbump)
> 
> Can anybody try to view the video in a chromium based browser with enabled sslbump ?
> 
> Thank you very much.
> 
> 
> -- 
> Regards
> 
>   Dieter
> 
> --
> I do not get viruses because I do not use MS software.
> If you use Outlook then please do not put my email address in your
> address-book so that WHEN you get a virus it won't use my address in the
> From field.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.

More information about the squid-users mailing list