Re: [squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-11 Thread leonyuuu
Matus UHLAR - fantomas wrote > On 10.12.19 17:36, leonyuuu wrote: >>Sent the unfinished mail accidentally. The body of the mail now is updated >>from the original one. > > Don't do this. > > This is not nabble, but the squid-users mailing list and I doubt people > are > wanting to look at nabble'

Re: [squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-11 Thread leonyuuu
Thanks Amos for the quick response! It helps a lot in understanding the previous logs like "forward proxy port not configured", and I adjusted my configuration later today to do another test. However, now the two proxies don't even send ICP/HTTP requests to each other anymore for cache digest and th

Re: [squid-users] A patch for intercepted/WCCP HTTPS and 409 errors

2019-12-11 Thread Scott Aitken
> On 12/12/19 1:49 am, Scott wrote: > >> On 11/12/19 8:51 pm, Scott wrote: > >>> Hi, > >>> > >>> I understand that squid does some security checking that the SNI of an > >>> intercepted/WCCP HTTPS request matches the reverse DNS of the IP of the > >>> connection. Or something like that. > >> >

Re: [squid-users] Squid Proxy SSL Bump can not retrieve SSL session back to the client?

2019-12-11 Thread GeorgeShen
did a 'openssl dhparam -out dhparams.pem 4096' to generate the dhparams.pem file, and added those into the squid.conf: http_port 3129 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB *options=SINGLE_DH_USE:SINGLE_ECDH_USE tls-dh=/u

Re: [squid-users] Resolved: Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients

2019-12-11 Thread John Sweet-Escott
Hi Nikolaus This sounds exactly like the symptoms we have encountered. Will build from your patch & test to see if it works in our situation. John. > On 7 Dec 2019, at 13:54, Nikolaus wrote: > >  I was able to solve the issue, fixing both squid-side "error:1425F175:SSL > routines:ssl_ch

Re: [squid-users] Is there a scalable way in SSL-Bump forwarding client's certificate to server?

2019-12-11 Thread Alex Rousskov
On 12/11/19 7:10 AM, Amos Jeffries wrote: > On 11/12/19 6:48 pm, GeorgeShen wrote: >> Ok. for the 'clientca=' and 'tls-cafile=', is the purpose for proxy to >> verify the client cert against this list before allowing the connection to go >> further? > Any client certificate given must verify. And, by

Re: [squid-users] A patch for intercepted/WCCP HTTPS and 409 errors

2019-12-11 Thread Amos Jeffries
On 12/12/19 1:49 am, Scott wrote: >> On 11/12/19 8:51 pm, Scott wrote: >>> Hi, >>> >>> I understand that squid does some security checking that the SNI of an >>> intercepted/WCCP HTTPS request matches the reverse DNS of the IP of the >>> connection. Or something like that. >> >> Not being able

Re: [squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-11 Thread Amos Jeffries
On 11/12/19 5:47 pm, leonyuuu wrote: > For cache digest requests between two interception squid proxies, it will > actually display "forward loop detection" in the cache.log and the last Via > host for that query(cache-digest-db) is itself. So is it also the root cause > why the cache-miss forwardi

Re: [squid-users] A patch for intercepted/WCCP HTTPS and 409 errors

2019-12-11 Thread Scott
> On 11/12/19 8:51 pm, Scott wrote: > > Hi, > > > > I understand that squid does some security checking that the SNI of an > > intercepted/WCCP HTTPS request matches the reverse DNS of the IP of the > > connection. Or something like that. > > Not being able to say precisely what Squid is actu

Re: [squid-users] A patch for intercepted/WCCP HTTPS and 409 errors

2019-12-11 Thread Amos Jeffries
On 11/12/19 8:51 pm, Scott wrote: > Hi, > > I understand that squid does some security checking that the SNI of an > intercepted/WCCP HTTPS request matches the reverse DNS of the IP of the > connection. Or something like that. Not being able to say precisely what Squid is actually doing shows

Re: [squid-users] Is there a scalable way in SSL-Bump forwarding client's certificate to server?

2019-12-11 Thread Amos Jeffries
On 11/12/19 6:48 pm, GeorgeShen wrote: >> Yes, look for "client certificate" in your squid.conf.documented. > > Ok. for the 'clientca=' and 'tls-cafile=', is the purpose for proxy to > verify the client cert against this list before allowing the connection to go > further? or it can use those client ce

Re: [squid-users] HTTPS interception proxy having issues

2019-12-11 Thread Amos Jeffries
On 11/12/19 3:48 am, aashutosh kalyankar wrote: > > Hi! I am trying to set up a HTTPs intercept proxy but I cannot get it to > work. Can someone point me in the right direction?  > > I tried following the > tutorial @ https://www.youtube.com/watch?v=Bogdplu_lsE (Transparent > HTTP+HTTPS Proxy wit

Re: [squid-users] Squid Proxy SSL Bump can not retrieve SSL session back to the client?

2019-12-11 Thread Amos Jeffries
On 11/12/19 4:00 pm, GeorgeShen wrote: > I'm running the squid latest from download site. 4.9 > Ok, i suspect that was related to my ^C running the process in foreground, > but I also see before that there are warning messages in the log: > 2019/12/09 19:23:12.116 kid1| WARNING: > /usr/local/squid/

Re: [squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-11 Thread Matus UHLAR - fantomas
On 10.12.19 17:36, leonyuuu wrote: Sent the unfinished mail accidentally. The body of the mail now is updated from the original one. Don't do this. This is not nabble, but the squid-users mailing list and I doubt people are wanting to look at nabble's webpage to see what you have edited. -- M