Re: [squid-users] Squid 4.0.x = SNI Support

2017-04-07 Thread Amos Jeffries
On 8/04/2017 1:05 a.m., Sebastien.Boulianne wrote: > Reverse proxy. > > Sébastien > > -Original message- > From: Ralf Hildebrandt > > * Sebastien.Boulianne: >> Hi all, >> >> Can anyone confirm for me if Squid 4.0.x supports SNI? > > SNI when doing what? ssl bump? > Maybe, but I don't thi

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

2017-04-07 Thread Yuri Voinov
;-) No problem, Raf. This is really a much better solution ;-) 07.04.2017 22:44, Rafael Akchurin wrote: > Hello Yuri, > > Yes this is a much better solution! > > Best regards, > Rafael Akchurin > > On 7 Apr 2017 at 18:20, Yuri Voinov > wrote: > >> #

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

2017-04-07 Thread Rafael Akchurin
Hello Yuri, Yes this is a much better solution! Best regards, Rafael Akchurin On 7 Apr 2017 at 18:20, Yuri Voinov <mailto:yvoi...@gmail.com> wrote: # TAG: sslproxy_foreign_intermediate_certs #Many origin servers fail to send their full server certificate #chain

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

2017-04-07 Thread Yuri Voinov
# TAG: sslproxy_foreign_intermediate_certs
#Many origin servers fail to send their full server certificate
#chain for verification, assuming the client already has or can
#easily locate any missing intermediate certificates.
#
#Squid uses the certificates from the specified file to

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

2017-04-07 Thread Yuri Voinov
I would not install intermediate certificates in the system store. They have a much shorter validity period - this time, and two - there is a SQUID functionality that supports adding missing intermediate certificates from a separate file. For security reasons, intermediate certificates require addi

[squid-users] [squid-announce] Squid 4.0.19 beta is available

2017-04-07 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.0.19 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Bug #4671: various GCC 7 compile errors GCC 7 adds a number of

[squid-users] [squid-announce] Squid 3.5.25 is available

2017-04-07 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.25 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Bug 4508: Host forgery stalls intercepted being-spliced connecti

Re: [squid-users] What squid should do with RFC non-compliant response header?

2017-04-07 Thread Eliezer Croitoru
Thanks Amos and Alex, I have seen a scenario like that but while working with haproxy. I believe that there is a difference between a "security" proxy appliance to some other kinds. The enforcement of the RFC for headers computability seems like the right way to go for any general http proxy. Th

Re: [squid-users] Squid 4.0.x = SNI Support

2017-04-07 Thread Sebastien.Boulianne
Reverse proxy. Sébastien -Original message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of Ralf Hildebrandt Sent: 7 April 2017 08:50 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 4.0.x = SNI Support * sebastien.boulia...@cp

[squid-users] General security and usage questions

2017-04-07 Thread j m
I have a Ubuntu server set up that does various things in addition to being a web proxy (squid 3.3.8) to use remotely over the internet.  This allows me to directly access internal devices with a web page on my LAN since my employer, like most, blocks VPN connections.  My intention is to have th

Re: [squid-users] Squid 4.0.x = SNI Support

2017-04-07 Thread Ralf Hildebrandt
* sebastien.boulia...@cpu.ca : > Hi all, > > Can anyone confirm for me if Squid 4.0.x supports SNI? SNI when doing what? ssl bump? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.de Campus Benjamin Franklin https://www.charite.de

Re: [squid-users] netdbExchangeHandleReply: corrupt data, aborting

2017-04-07 Thread Sebastien.Boulianne
Hi, No, I am using Squid 3.5.24. Sébastien -Original message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of Amos Jeffries Sent: 7 April 2017 07:47 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] netdbExchangeHandleReply: corrupt

[squid-users] Squid 4.0.x = SNI Support

2017-04-07 Thread Sebastien.Boulianne
Hi all, Can anyone confirm for me if Squid 4.0.x supports SNI? Thanks for all your answers. Sébastien. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] netdbExchangeHandleReply: corrupt data, aborting

2017-04-07 Thread Amos Jeffries
On 7/04/2017 9:49 a.m., Sebastien.Boulianne wrote: > Hi, > > Can anyone explain to me how to fix that when I do "service squid status" please? > netdbExchangeHandleReply: corrupt data, aborting > Are you using Squid-4? The way Squid-3 and older operate causes horrible confusion inside systemd

Re: [squid-users] Using client certificate for all connection

2017-04-07 Thread Juande
Hi Amos, thanks for answering. I'm using Squid 3.5.12. I tried using the line: sslproxy_client_certificate /home/ubuntu/Documents/cert.pem The pem was generated from .pfx using, openssl pkcs12 -in cert.pfx -out cert.pem -nodes So it should contain the private key. But my server still asking

[squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

2017-04-07 Thread Rafael Akchurin
Hello everyone, Added new article for intermediate certificates and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when bumping SSL. Hopefully will be helpful/interesting for someone https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html Best regards, Rafael Akchurin