Yuri,
We’re trying that :
- Tproxy
- ssl_bump bump all
does not work.
We have followed the squid wiki regarding iptables rules, sysctl, etc…
Instead of “ssl_bump bump all”, if we use “ssl_bump server-first all”, it works,
the https is decrypted.
So is the tproxy com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think, first you can try new stage-based SSL bump with 3.5.x. To do
that you must identify problem sites.
If there are no results, you can simply bypass problem sites without bump.
Whole server-first bump, on Squid 3.5.x especially, is not so go
Yuri,
So what’s next ?
Do you mean we must “do-not-ssl-bump” wrong certificates ?
And if a certificate not yet identified is requested by a user it’ll crash the
Squid ?
Any idea how to fix that issue ?
Thanks in advance.
Bye Fred
From: Yuri Voinov [mailto:yvoi...@gmail.com]
Envo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
From my experience, it may occur as a result of forming the fake
certificate zero length (in the case of the SQUID can not complete its
formation for any reason).
In turn, the formation of such a certificate occurs in particular due to
any error
Yuri,
I checked the source code (3.4/3.5) ssl_crtd, the default size is 2048.
-b fs_block_size File system block size in bytes. Need for processing
natural size of certificate on disk. Default value is
2048 bytes."
/**
\ingroup ssl_crtd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don't think this is critical. What is native fs block size?
09.04.15 13:29, Stakres wrote:
> Hi Yuri,
>
> We have checked the sslproxy_capath, all certifs updated.
> OpenSSL is: OpenSSL 1.0.1e 11 Feb 2013 (Debian 7.8)
>
> Additional point, the aut
Hi Yuri,
We have checked the sslproxy_capath, all certifs updated.
OpenSSL is: OpenSSL 1.0.1e 11 Feb 2013 (Debian 7.8)
Additional point, the auto-signed certif is a 1024, could it be the problem?
Maybe we need to use the ssl_crtd with the option "-b 1024"
what do you think ?
example of corrupte
What I found, was I couldn't yum install . yum update but I would
directly download the rpm with wget (without a proxy as well !).
strange !
On 9 April 2015 at 16:47, Henri Wahl wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi list,
> does anybody know what is the matter with ww