Re: [squid-users] FATAL: Ipc::Mem::Segment::create failed to shm_open(/squid-cf__metadata.shm): (13) Permission denied

On 13/04/2016 1:41 a.m., amadaan wrote: > > Also, can you give me link to your unofficial RPMs. > That would be Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I suggests the matter can be openssl not OS: root @ cthulhu /patch # openssl version -a OpenSSL 1.0.1s 1 Mar 2016 built on: Tue Mar 1 15:42:26 2016 platform: solaris64-x86_64-cc-sunw options: bn(64,64) rc4(16x,int) des(ptr,cisc,16,int) idea(int

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 root @ cthulhu /patch # dig www.cloudflare.com ; <<>> DiG 9.6-ESV-R11-P4 <<>> www.cloudflare.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32548 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

What "dig www.cloudflare.com" results with? Also what OS are you using? I am using CentOS 7 up to date... Eliezer On 12/04/2016 21:39, Yuri Voinov wrote: root @ cthulhu /patch # openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect w

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 My openssl test show the next Cloudflare cipher: ECDHE-ECDSA-AES128-GCM-SHA256 So, result is: root @ cthulhu /patch # openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect www.cloudflare.com:443 CONNECTED(0003) depth=3 C = SE, O

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

Hey Yuri, I will try to test it with couple versions of 4.0.x. But it's weird... The reason it's weird is since some kind of trust or understand this test: https://www.ssllabs.com/ssltest/analyze.html?d=www.cloudflare.com&s=198.41.214.162&latest I am not an

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 UPDATE: Every failed connect produce the next sequence in access.log: 1460474791.631 15444 192.168.100.103 NONE_ABORTED/200 0 CONNECT 198.41.215.162:443 - ORIGINAL_DST/198.41.215.162 - 1460474791.658 0 192.168.100.103 NONE/503 3951 GET http

Re: [squid-users] FATAL: Ipc::Mem::Segment::create failed to shm_open(/squid-cf__metadata.shm): (13) Permission denied

Hey Eliezer, Thanks for looking into details. Here is my te file module MYPOLICY 1.0; require { type unconfined_t; type var_run_t; type usr_t; type syslogd_t; type user_tmpfs_t; type squid_t; type tmpfs_t; class process signal;

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 UPDATE: https://i1.someimage.com/b8w5dFz.png This is answer from Cloudflare support. But: 3.5.16 can deal with ECDSA TLS 1.2 but 4.0.8 not? 12.04.16 17:55, Yuri Voinov пишет: > Does anybody faces this problem with 4.0.8: > > https://i1.someimag

[squid-users] Squid 4: Cloudflare SSL connection problem

Does anybody faces this problem with 4.0.8: https://i1.someimage.com/3lD2cvV.png ? It accomplished this error in cache.log: 2016/04/12 17:39:38 kid1| Error negotiating SSL on FD 54: error::lib(0):func(0):reason(0) (5/0/0) and "NONE/503" in access.log. Without proxy works like sharm

Re: [squid-users] Squid 3.5.16 and vary loop objects (bug ?)

Amos I don't know if this is related or not, but I have a lot of 2016/04/12 13:00:50| Could not parse headers from on disk object 2016/04/12 13:00:50| Could not parse headers from on disk object 2016/04/12 13:00:50| Could not parse headers from on disk object 2016/04/12 13:00:50| Could not parse h

Re: [squid-users] Squid Cache: Version 3.5.16 and ext_ldap_group_acl

Am 12-04-2016 10:58, schrieb Amos Jeffries: On 12/04/2016 8:36 p.m., Thomas Elsäßer wrote: Dear all, I call from Shell: /usr/local/squid/libexec/ext_ldap_group_acl -d -R -b "OU=UMW,DC=a,DC=b,DC=de" -D "...@a.b.de" -w "XXX" \ -f "(&(objectClass=person)(sAMAccountName=%v)(MemberOf=CN=%g

Re: [squid-users] Squid Cache: Version 3.5.16 and ext_ldap_group_acl

On 12/04/2016 8:36 p.m., Thomas Elsäßer wrote: > Dear all, > > I call from Shell: > > /usr/local/squid/libexec/ext_ldap_group_acl -d -R -b > "OU=UMW,DC=a,DC=b,DC=de" -D "...@a.b.de" -w "XXX" \ > -f > "(&(objectClass=person)(sAMAccountName=%v)(MemberOf=CN=%g,OU=DomLokaleGruppen,OU=Gruppen

[squid-users] Squid Cache: Version 3.5.16 and ext_ldap_group_acl

Dear all, I call from Shell: /usr/local/squid/libexec/ext_ldap_group_acl -d -R -b "OU=UMW,DC=a,DC=b,DC=de" -D "...@a.b.de" -w "XXX" \ -f "(&(objectClass=person)(sAMAccountName=%v)(MemberOf=CN=%g,OU=DomLokaleGruppen,OU=Gruppen,OU=Benutzer,OU=Min-PRD,OU=XXX,DC=a,DC=b,DC=de))" -h dc.a.b

Re: [squid-users] i have two question about https_port tproxy

On 12/04/2016 7:04 p.m., johnzeng wrote: > > Hello Dear Sir : > > i will optimize https traffic recently at bridge tproxy environment , i > know squid will https_port tproxy , > > question one : Whether the feature ( https_port) will be stable at squid > 3.5 ? https_port is not a feature. It is

Re: [squid-users] Squid 3.5.16 and vary loop objects (bug ?)

On 8/04/2016 1:23 a.m., Amos Jeffries wrote: > On 7/04/2016 1:42 a.m., joe wrote: >> yes >> >> FredB wrote Attached is a patch which I think will fix 3.5.16 (should apply fine on 4.0.8 too) without needing the cache reset. Anyone able to test it please? >>> >>> Reset t

[squid-users] i have two question about https_port tproxy

Hello Dear Sir : i will optimize https traffic recently at bridge tproxy environment , i know squid will https_port tproxy , question one : Whether the feature ( https_port) will be stable at squid 3.5 ? question two : https_proxy will optimize special website url via acl or https_proxy can opt