[squid-users] HSTS in browsers summary, help wanted.
Rafael Akchurin
rafael.akchurin at diladele.com
Wed Jun 28 16:10:08 UTC 2023
Hello Eliezer,
Please be sure to clean up the mimicked cert storage of Squid after changing the Root CA for sslbump (if you use one).
Best regards,
Rafael
Diladele B.V.
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of ngtech1ltd at gmail.com
Sent: Wednesday, June 28, 2023 6:03 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] HSTS in browsers summary, help wanted.
Hey Everyone,
I am testing Squid 5.9 and 6.0.3 now and I am trying to understand what might go wrong in the client side with SSL Bump.
I have a nice setup which works with a mysql DB and it can be recreated with vagrant in a very simple manner on-top of all EL8 based Distros.
(Alma, Rocky, CentOS, Oracle, RHEL, Fedora).
There are a set of helpers which runs in the background and do the heavy lifting to make the setup more dynamic.
Since I am using an existing DESKTOP there is HSTS history in the browsers:
- Edge
- Chrome
- Firefox
I have added the Root CA certificate to both Windows trusted root ca's store and into firefox certificates store.
For many sites like bing... the HSTS warning is popping out.
In edge I can disable HSTS but I don't know how to clean the HSTS cache in Edge and in other browsers.
Any help would be usefull.
Thanks,
Eliezer
* I will post later on the Vagrant sources.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list