It does not recognize this directive
2024/07/04 16:16:46| Processing: url_rewrite_children 32 startup=8 idle=4
concurrency=0
2024/07/04 16:16:46| Processing: tls-default-ca on
2024/07/04 16:16:46| /usr/local/etc/squid/squid.conf(235): unrecognized:
'tls-default-ca’
Or with use of =
> On Jul 4
You also stated .. " my current working theory suggests that we are looking at
a (default) signUntrusted use case.”
I noticed for Squid documents that default is now set to off ..
http://www.squid-cache.org/Versions/v5/cfgman/http_port.html
http://www.squid-cache.org/Versions/v6/cfgman/http_po
>>> I do not recommend changing your configuration at this time. I recommend
>>> rereading my earlier recommendation and following that instead: "As the
>>> next step in triage, I recommend determining what that CA is in these cases
>>> (e.g., by capturing raw TLS packets and matching them with
Sorry
tls_outgoing_options
cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
Would I add this here?
> On Jul 4, 2024, at 15:12, Jonathan Lee wrote:
>
> I know before I could use
>
> tls_outgoing_opt
I know before I could use
tls_outgoing_options
cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
However with the update I am seeing
ER
On 2024-07-04 15:37, Jonathan Lee wrote:
in Squid.conf I have nothing with that detective.
Sounds good; sslproxy_cert_sign default should work OK in most cases. I
mentioned signUntrusted algorithm so that you can discover (from the
corresponding sslproxy_cert_sign documentation) which CA/cer
Maybe adding it like this …
sslproxy_cert_sign signTrusted bump_only_mac https_login splice_only_mac
NoBumpDNS NoSSLIntercept
ssl_bump peek step1
miss_access deny no_miss active_use
ssl_bump splice https_login active_use
ssl_bump splice splice_only_mac splice_only active_use
ssl_bump splice NoBum
I found it
# TAG: sslproxy_cert_sign
#
#sslproxy_cert_sign acl ...
#
#The following certificate signing algorithms are supported:
#
# signTrusted
# Sign using the configured CA certificate which is usually
# placed in and trusted by end-user
On 2024-07-04 12:11, Jonathan Lee wrote:
failure while accepting a TLS connection on conn5887 local=192.168.1.1:3128
SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417
A000417 is an "unknown CA" alert sent by client to Squid while the
client is trying to establish a TLS connection to/through Squid. The
On 2024-07-04 12:36, Alex Rousskov wrote:
On 2024-07-04 10:58, Matus UHLAR - fantomas wrote:
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squi
On 2024-07-04 10:58, Matus UHLAR - fantomas wrote:
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squid ---> https ( server )
Could someone pl
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squid ---> https ( server )
Could someone please confirm if the given setup is in principle
pos
On 2024-07-03 13:56, Jonathan Lee wrote:
Hello fellow Squid users does anyone know how to fix this issue?
I counted about eight different "issues" in your cache.log sample. Most
of them are probably independent. I recommend that you explicitly pick
_one_, search mailing list archives for prev
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squid ---> https ( server )
Could someone please confirm if the given setup is in principle po
On 2024-07-04 04:57, Nishant Sharma wrote:
On 03/07/24 21:27, Alex Rousskov wrote:
On 2024-07-03 09:27, Nishant Sharma wrote:
Is there any change that we need to do in the configure script to
check for the availability of 64 bit atomic lock and use 32 bit lock
if not available?
It is technic
Hello forum,
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client)> Squid ---> https ( server )
I have searched the mailing list and didn’t find a proper answer.
Could someone please confirm if the
On 03/07/24 21:27, Alex Rousskov wrote:
On 2024-07-03 09:27, Nishant Sharma wrote:
I was able to compile by replacing `uint64_t` to `uint32_t` and squid
worked with workers > 1.
Where did you replace uint64_t with uint32_t? In IdSet::Node typedef?
Any other changes? AFAICT, changing just IdSe
17 matches
Mail list logo
