[squid-users] Chrome auto-HTTPS-upgrade - not falling to http
Alex Rousskov
rousskov at measurement-factory.com
Fri Apr 5 20:33:32 UTC 2024
On 2024-04-04 03:01, David Komanek wrote:
> I do not observe this problem accessing sites running only
> on port 80 (no 443 at all), but my configuration is simple:
>
> squid 6.6 as FreeBSD binary package
>
> not much about ssl in the config file though, just passing it through,
> no ssl juggling
Your use case is not applicable to this problem because your Squid is
not using SslBump. It is SslBump actions that confuse Chrome (in some
cases).
Alex.
> acl SSL_ports port
> acl Safe_ports port 80
> acl Safe_ports port 443
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow ....
> http_access allow ....
> http_access allow ....
> http_access allow ....
> http_access allow ....
> http_access deny all
>
> I don't think it was different with squid 5.9, which I used till
> November 2023.
>
> Occasionally, I see another problem, which may or may not be related to
> squid ssl handling configuration: PR_END_OF_FILE_ERROR (Firefox) /
> ERR_CONNECTION_CLOSED (Chrome), typically accessing samba.org. But they
> use permanent redirect from http to https, so it another situation than
> http-only site.
>
> David
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list