I'm having some trouble because my 4.0.24-VCS squid proxy is caching requests
that it shouldn't be, breaking the website I'm routing through it.
From the HAR output of the client using the proxy:
Response Headers
Cache-Control
no-cache;no-store
Content-Encoding
gzip
Content-T
On 09/27/2018 11:12 AM, Christof Gerber wrote:
> I mean what happens if the extra request to the CA to download the
> missing certificate takes ages. Is there a timeout routine running
> which aborts the request if for instance the certificate is not
> downloaded after 5 seconds?
Yes, of course.
On 09/27/2018 09:56 AM, Christof Gerber wrote:
> Concerning the new feature which fetches the missing intermediate
> certificates I have three questions about its implementation and
> implications:
> 1. What happens if the certificate fetch requests runs into a timeout?
If Squid lacks a certifica
On 09/27/2018 02:43 AM, Ralf Hildebrandt wrote:
> I recompiled my squid-5 with openssl and added
>
> ssl_bump peek all
> ssl_bump splice all
>
> to my squid.conf. What logging should I expect to verify it's actually
> working?
Logging %ssl:bump_mode may be a good idea.
For a particular _spliced
Concerning the new feature which fetches the missing intermediate
certificates I have three questions about its implementation and
implications:
1. What happens if the certificate fetch requests runs into a timeout?
Is this prevented somehow?
2. Does Squid also learn intermediate certificates fro
On 27/09/18 8:43 PM, Ralf Hildebrandt wrote:
> I recompiled my squid-5 with openssl and added
>
> ssl_bump peek all
> ssl_bump splice all
>
> to my squid.conf. What logging should I expect to verify it's actually
> working?
>
Depends on what you mean by 'working'.
Splicing will show up as acce
I recompiled my squid-5 with openssl and added
ssl_bump peek all
ssl_bump splice all
to my squid.conf. What logging should I expect to verify it's actually
working?
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Frankl
