[squid-users] SQUID_ERR_SSL_HANDSHAKE

*The squid version is 3.4.5. The server certificate is sslv3 generated by openssl. Not quite sure as to what the problem is.* *Failed to establish a secure connection to 192.168.3.108* The system returned: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) Handshake with SSL server fail

[squid-users] Debian 7 LDAP auth to 2008r2

Man I just can't seem to make this work. I followed this guide: http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy and everything went well but as soon as I get to the squid_ldap_group test I get nothing back, or the second time I hit enter it returns a "invalid entry"

Re: [squid-users] Splicing a connection if server cert cannot be verified

Hi Amos, > > Yes, but Squid has no way of trusting a self-signed cert. When Squid > > mints a server cert on the fly and sends it to the client, the client > > won't have any idea that the cert was originally self-signed. Like the > > previous scenario, I'd want to step out of the way and defer th

Re: [squid-users] Squid 2.7, 3.4 and 3.5 Videos/Music/Images/Libraris/CDNs Booster

Hi All, New build 2.17 with additional website... Enjoy Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-2-7-3-4-and-3-5-Videos-Music-Images-Libraries-CDNs-Booster-tp4668683p4668738.h

Re: [squid-users] ICAP: how to get port of X-Client-IP

It works on sqiud 3.5.0.2!!! adaptation_meta X-Client-Port %>p Exactly as you said. Many thanks to you Amos! I am not sure about 3.4 version but it does not matter for me. -- /BR, Alexander Wed, 17 Dec 2014 15:52:00 +0300 от Alexander Bubnov : > > > >-- >/BR, Alexander > >Wed, 17 Dec 2014 01:

Re: [squid-users] ICAP: how to get port of X-Client-IP

-- /BR, Alexander Wed, 17 Dec 2014 01:42:37 +1300 от Amos Jeffries : >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >On 16/12/2014 9:49 p.m., Alexander Bubnov wrote: >> >> Hello Amos! Glad to get your answer! >> >> >> 1. I have tried to use %>p specifier for adaptation_meta directive. >>

Re: [squid-users] Skype bypass using ssl_bump peek

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/12/2014 10:52 p.m., Yu-Hsuan Liao wrote: >> Only if "skype_list" matches the TCP packet IP address (without >> rDNS being looked up) will the peek happen. > >> I think you need to add at_step ACL test to peek always at >> step1, then do the oth

Re: [squid-users] Skype bypass using ssl_bump peek

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/12/2014 10:52 p.m., Yu-Hsuan Liao wrote: The peek at step1 should be detecting that non-TLS/SSL is occuring. For the non-HTTP over TLS/SSL... IF you bumped it Squid can still fallback to tunnel I think, but a slower way than splice normally wo

[squid-users] Skype bypass using ssl_bump peek

> Only if "skype_list" matches the TCP packet IP address (without rDNS > being looked up) will the peek happen. > I think you need to add at_step ACL test to peek always at step1, then > do the other actions at step2 once SNI (domain name) is possibly > available. Hello Amos, What if a non-SSL o