using SHA1 in your cache's CA, configure EDH
> ciphers for outgoing _and_ client-to-cache connections, suppress using
> SSLv2/SSLv3 (but keep in mind: you have _much_ old clients, like IM, which
> is hardcoded to use SSLv2/SSLv3 and you will got warnings/errors in your
> cache.log
nce with a simple text file
would appreciate that.
Thanks.
2016-01-04 9:52 GMT-03:00 Alejandro Martinez :
> Thanks all for your help.
>
> Is there a minimal config example to see splicing correctly Google sites?
>
> It would be very helpful.
> El 04/01/2016 09:28, "Amos Jeffr
Thanks all for your help.
Is there a minimal config example to see splicing correctly Google sites?
It would be very helpful.
El 04/01/2016 09:28, "Amos Jeffries" escribió:
> On 4/01/2016 1:16 p.m., Alejandro Martinez wrote:
> > Thanks again Yuri.
> >
> > I have
Thanks again Yuri.
I have tried blocking udp protocol on port 80 and 443 but without luck.
Is it possible to make google sites work in transparent mode without
bumping ? only splicing ?
Thanks
2016-01-03 10:11 GMT-03:00 Alejandro Martinez :
> Sorry my corrector.
> I want to say tha
Sorry my corrector.
I want to say that i am going to check blocking quic proto.
Sorry
El 03/01/2016 10:10, "Alejandro Martinez" escribió:
> Yuri
>
> Thanks.
>
> I amor.gringaus to checkpoint blocking quic.
>
> I cant put ca cert into clients besarse I dont hav
Sure,
>
> my config is quite different.
>
> Also - did you put cache CA cert into clients? And - did you block QUIC in
> your infrastructure? As described here:
>
> http://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol
> ?
>
> 03.01.16 8:28, Alejandro Martinez
With bump! ;)
>
> 03.01.16 2:12, Nir Krakowski пишет:
> > Its called certificate pinning:
> > https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
> >
> > Nir.
> >
> > On Sat, Jan 2, 2016 at 9:11 PM, Alejandro Martinez
>
> > wrote:
> >
> &
Hi all,
I'm using squid 3.5.12.
This is my relevant config:
*http_port 881*
*http_port 880 intercept*
*https_port 843 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem key=*
*/usr/local/squid/etc**/cert.pem options=NO_SSLv3:NO_SSL
Hi all
there is an interesting project here (https://github.com/netom/pyicap) with
some examples about implementing an Icap Server
2015-02-10 5:21 GMT-02:00 Yuri Voinov :
>
> 10.02.15 5:40, Amos Jeffries пишет:
>
>> On 10/02/2015 12:00 p.m., Luis Miguel Silva wrote:
>>
>>> Dear all,
>>>
>>> I'm
Hi all,
I'm trying to setup deny_info for denied sites using CONNECT method.
This is something that doesn't work 100% depending on browser, etc.
Could be possible to change the 30X:http://x.x.x.x/deny.html to something
based in DNS replies ?
Squid uses its own directive "dns_nameserver" to confi
I have been trying with different versions of squid doing https
interception.
With some brosers versions work, with others doesn't.
Does it have sense to keep trying to do https interception with the arrive
of pinning and all that things that prevent this kind of activities ?
Maybe it's a good t
uot; format and "ERR"
> in squid 3.3 you use either a "http://xyz"; as it is or
> "302:http://xyz"; for a redirection and a blank line "" for no change.
>
> All The Bests,
> Eliezer
>
> On 09/29/2014 12:39 PM, Alejandro Martinez wrote:
>
Hi
I'm geting this error in cache.log
ERROR: URL-rewrite produces invalid request: GET ERR HTTP1.0
This error gives me with squidGuard (1.4).
I have tested a simple redirector in php to check the new helper interface
(The actual version of squid is 3.3.13), and It gives me the same message
Squ
13 matches
Mail list logo
