Re: [squid-users] Help troubleshooting proxy<-->client https

2017-06-02 Thread Masha Lifshin
Thank you very much Amos and Alex for the helpful explanations, high level of detail, and for tracking down that this combo is not possible at this time. We're going to evaluate what to do next with this info. I'll probably be following up with more questions soon. -M On Fri, Jun 2, 2017 at 9:05

Re: [squid-users] Help troubleshooting proxy<-->client https

2017-05-31 Thread Masha Lifshin
here, would it be possible to have all http and https traffic from the browser go through 31443? So squid would not need to have ports 80 and 443 open? Thank you, -Masha On Wed, May 31, 2017 at 5:10 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 05/31/2017 02:42 PM,

Re: [squid-users] Help troubleshooting proxy<-->client https

2017-05-31 Thread Masha Lifshin
what, if any, are the security issues with using port 80 for the http traffic? Thank you, -Masha On Fri, May 26, 2017 at 7:19 AM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 05/26/2017 12:00 AM, Masha Lifshin wrote: > > I have added an https_port directive > &

[squid-users] Help troubleshooting proxy<-->client https

2017-05-25 Thread Masha Lifshin
Hello Dear Squid Users, I am trying to configure my Squid 4.0.17 to use an https connection between the client and the proxy. I have added an https_port directive to squid.conf, but it must be misconfigured. When I test with a dev version of curl that supports https proxies, I am getting ERR_PROT

Re: [squid-users] Best practices for beefing up security for squid with ssl-bump

2017-05-16 Thread Masha Lifshin
Dear Amos, Thank you for these insights. I appreciate the clarification on Ssl Sever Cert Validator, and am putting in place your list of basics. -Masha On Sat, May 13, 2017 at 5:36 AM, Amos Jeffries wrote: > On 13/05/17 14:33, Masha Lifshin wrote: > >> Dear Squid Users list, &g

[squid-users] Best practices for beefing up security for squid with ssl-bump

2017-05-12 Thread Masha Lifshin
Dear Squid Users list, I have a Squid 4 configured as explicit proxy with ssl-bump interception. I am working on making it as secure as possible, given the vulnerability risks with doing ssl inspection ( https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html). I am implementin

Re: [squid-users] Squid cannot parse Content-Length header value and closes connection before sending body?

2017-05-10 Thread Masha Lifshin
;sntz=1&usg=AFQjCNHxLMMy7H9BCp8Cu4-yItJLHWQ1zg> Alex has created a patch that fixes the issue. Thank you, -Masha On Mon, May 1, 2017 at 4:37 PM, Alex Rousskov wrote: > On 05/01/2017 04:12 PM, Masha Lifshin wrote: > > > when I turn on icap, squid shuts down the connection ea

[squid-users] Squid cannot parse Content-Length header value and closes connection before sending body?

2017-05-01 Thread Masha Lifshin
Dear squid-users mailing list, Thank you for reading this message and for all your hard work on this great project. I have inherited a Squid 3.5.2 install, with ecap, icap, and custom respmod and reqmod icap services. I am upgrading to Squid 4, adding ssl-bump, and upgrading c-icap to 0.5.2. Wh