Re: [squid-users] SSL errors with Squid 3.5.27

2018-06-09 Thread Amos Jeffries
On 10/06/18 03:46, Julian Perconti wrote: >>> https_port 3130 intercept ssl-bump \ >>> cert=/etc/squid/ssl_cert/squidCA.pem \ >>> key=/etc/squid/ssl_cert/squidCA.pem \ >>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB >>> tls-dh=/etc/squid/ssl_cert/dhparam.pem >> >> These DH

Re: [squid-users] SSL errors with Squid 3.5.27

2018-06-09 Thread Julian Perconti
>> https_port 3130 intercept ssl-bump \ >> cert=/etc/squid/ssl_cert/squidCA.pem \ >> key=/etc/squid/ssl_cert/squidCA.pem \ >> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB >> tls-dh=/etc/squid/ssl_cert/dhparam.pem > >These DH parameters are for old DH not for ECDHE (missing c

Re: [squid-users] PID file /var/run/squid.pid not readable AND Supervising process XXX which is not our child

2018-06-09 Thread Alex K
After proceeding with using the shipped service file, then systemctl daemon-reload I do not experience any stuck reboots at the moment. Alex On Sat, Jun 9, 2018 at 4:30 PM, Alex K wrote: > Getting back to this, I face also issues that seems to be related with how > systemd handles squid. > Freq

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread James Lay
On Sat, 2018-06-09 at 07:17 -0600, James Lay wrote: > On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote: > > On 10/06/18 01:02, James Lay wrote: > > > > So in my config file I have: > > sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB > > However I do not see this after compili

Re: [squid-users] PID file /var/run/squid.pid not readable AND Supervising process XXX which is not our child

2018-06-09 Thread Alex K
Getting back to this, I face also issues that seems to be related with how systemd handles squid. Frequently when I try restart the VM the VM is stuch at stopping squid and it never restarts. Checking the differences between the autogenerated service file and the one shipped with squid I see: dif

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread James Lay
On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote: > On 10/06/18 01:02, James Lay wrote: > > So in my config file I have: > sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB > However I do not see this after compiling and installing. Has this > goneaway in 4? Thank you. > James

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread Amos Jeffries
On 10/06/18 01:02, James Lay wrote: > > So in my config file I have: > > sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB > > However I do not see this after compiling and installing. Has this gone > away in 4? Thank you. > > James It's now called security_file_certgen.

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread James Lay
On Fri, 2018-06-08 at 09:36 -0600, James Lay wrote: > On Sat, 2018-06-09 at 03:04 +1200, Amos Jeffries wrote: > > On 09/06/18 02:33, James Lay wrote: > > Hey all! > > Topic says itI'm starting to look at doing an upgrade from 3 to > > 4.Any glaring surprises? Doing a transparent forward proxy w