Re: [squid-users] Squid Behavior to Ping Destination on Registered Ports

2017-11-18 Thread Amos Jeffries
On 19/11/17 11:37, Kevin Wong wrote: From: Antony Stone On Saturday 18 November 2017 at 21:21:38, Kevin Wong wrote: > My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports That makes no sense.  ICMP doesn't use port numbers. That is why I asked the lis

Re: [squid-users] Squid Behavior to Ping Destination on Registered Ports

2017-11-18 Thread Antony Stone
On Saturday 18 November 2017 at 22:37:20, Kevin Wong wrote: > > Date: Sat, 18 Nov 2017 22:06:31 + > > From: Antony Stone > > To: squid-users@lists.squid-cache.org > > Subject: Re: [squid-users] Squid Behavior to Ping Destination on > > > > Registered Ports > > > > Message-ID: <

Re: [squid-users] Squid Behavior to Ping Destination on Registered Ports

2017-11-18 Thread Kevin Wong
> Date: Sat, 18 Nov 2017 22:06:31 + > From: Antony Stone > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid Behavior to Ping Destination on > Registered Ports > Message-ID: <201711182206.31894.antony.st...@squid.open.source.it> > Content-Type: Text/Plain;

Re: [squid-users] Squid Behavior to Ping Destination on Registered Ports

2017-11-18 Thread Antony Stone
On Saturday 18 November 2017 at 21:21:38, Kevin Wong wrote: > My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports That makes no sense. ICMP doesn't use port numbers. > before initiating outbound HTTP traffic. I am running an updated Squid > Proxy on Ubuntu 16.04. Can a

[squid-users] Squid Behavior to Ping Destination on Registered Ports

2017-11-18 Thread Kevin Wong
My firewall (Juniper SRX) caught outbound ICMP flows using vulnerable ports before initiating outbound HTTP traffic. I am running an updated Squid Proxy on Ubuntu 16.04. Can anybody explain or confirm the Squid behavior? Oct 15 03:53:37 firewall RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.

Re: [squid-users] https://wiki.squid-cache.org provides invalid certificate chain ...

2017-11-18 Thread Alex Crow
On 18/11/17 12:56, Walter H. wrote: On 18.11.2017 13:51, Walter H. wrote: Hello, still certificate issues: missing intermediate certificate Greetings, Walter @Amos:  There is  *no* chain. Our cert is directly signed by the LetsEncrypt CA.  Amos that's wrong;  LetsEncrypt is only an inte

Re: [squid-users] https://wiki.squid-cache.org provides invalid certificate chain ...

2017-11-18 Thread Walter H.
On 18.11.2017 13:51, Walter H. wrote: Hello, still certificate issues: missing intermediate certificate Greetings, Walter @Amos: There is *no* chain. Our cert is directly signed by the LetsEncrypt CA. Amos that's wrong; LetsEncrypt is only an intermediate, and MUST be given by the ser

Re: [squid-users] https://wiki.squid-cache.org provides invalid certificate chain ...

2017-11-18 Thread Walter H.
Hello, still certificate issues: missing intermediate certificate Greetings, Walter On 17.11.2017 13:39, Walter H. wrote: for more information see https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org - missing intermediate certificate - ssl3 active, poodle vulnerable ... Greet