Re: [squid-users] using squid3 without certificate

2016-07-11 Thread Alex Rousskov
On 07/11/2016 04:09 PM, Antony Stone wrote: > On Monday 11 July 2016 at 23:07:06, HackXBack wrote: > >> Is there any news for using squid3 for caching https connections without >> install certificates in client browser manually ? > > Yes, it's impossible. In other words: No, there are no news: I

Re: [squid-users] using squid3 without certificate

2016-07-11 Thread Antony Stone
On Monday 11 July 2016 at 23:07:06, HackXBack wrote: > Is there any news for using squid3 for caching https connections without > install certificates in client browser manually ? Yes, it's impossible. The client needs to see a server certificate signed by a trusted CA. If Squid is going to int

[squid-users] using squid3 without certificate

2016-07-11 Thread HackXBack
Is there any news for using squid3 for caching https connections without install certificates in client browser manually ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/using-squid3-without-certificate-tp4678459.html Sent from the Squid - Users mailing list

Re: [squid-users] Linking with *SSL

2016-07-11 Thread Pavel Timofeev
2016-05-20 17:06 GMT+03:00 Amos Jeffries : > On 13/05/2016 1:33 a.m., Spil Oss wrote: >>> Hi! >>> When we worked on squid port on FreeBSD one of the FreeBSD user >>> (Bernard Spil) noticed: >>> >>> When working on this, I ran into another issue. Perhaps maintainer can >>> fix that with upstream. I'

Re: [squid-users] HTTPS bump doesn't work with websites that require SNI

2016-07-11 Thread Alex Rousskov
On 07/11/2016 01:16 AM, Yiğitcan UÇUM wrote: > Squid Cache: Version 3.4.10 > ssl_bump none localhost > ssl_bump server-first all > > sslproxy_cert_error allow all > sslproxy_flags DONT_VERIFY_PEER Your Squid version does not support SslBump well. Please upgrade to the latest Squid v3.5 or, if

Re: [squid-users] host_verify_strict and wildcard SNI

2016-07-11 Thread Steve Hill
On 07/07/16 12:30, Marcus Kool wrote: Here things get complicated. It is correct that Squid enforces apps to follow standards or should Squid try to proxy connections for apps when it can? I would say no: where it is possible for Squid to allow an app to work, even where it isn't following st

Re: [squid-users] HTTPS bump doesn't work with websites that require SNI

2016-07-11 Thread Yiğitcan UÇUM
Hello there, Thanks for your your interest. The versions we use are: Squid Cache: Version 3.4.10 OpenSSL 1.0.2h 3 May 2016 -- Configuration we use for https bumping: always_direct allow all ssl_bump none localhost ssl_bump server-first all sslproxy_cert_error allow all sslproxy_flags DO