I'm using 3.5 with transparent server first bumping in ~100 deployments so
far, it works just fine, excluding with SNI and everything.
On 12/07/2015 10:58 am, "Yuri Voinov" wrote:
> Man,
>
> 3.5.x don't work with server-first. It must be for backward compatibility
> - but don't be.
>
> Also, AFA
urrency_id)
line = sys.stdin.read()
Hope that helps,
Nathan.
On 30 May 2015 at 01:14, James Lay wrote:
> On 2015-05-29 08:57 AM, Nathan Hoad wrote:
>>
>> Yes, I have it working on about a dozen deployments so far, using an
>> external ACL to make bumping decisions
Yes, I have it working on about a dozen deployments so far, using an
external ACL to make bumping decisions based on the SNI server name and a
few other things. No complaints from me, it Just Works.
On 29/05/2015 5:50 pm, "sp_" wrote:
> Hello,
>
> does anyone have the working squid 3.5 with inter
o not want bumped, like banking websites. I wasn't able
> to get the squid.conf and helper script example you provided to work for me.
>
> Does the new server_name acl change how this can be done? Would you be able
> to provide a new example for me to try based on this new acl in squi
You're experiencing http://bugs.squid-cache.org/show_bug.cgi?id=4236 -
give the patch on there a try and see if it helps. It should tell you
what's really failing.
You'll start getting messages like this:
Error negotiating SSL connection on FD 439:
error:0005:lib(0):func(0):DH lib (5/-1/0)
W
These are fixed in 3.5.4.
Nathan.
On 5 May 2015 at 08:59, Prashanth Prabhu wrote:
> Hi folks,
>
> I am seeing a bunch of Squid crashes after moving recently to 3.5.1.
> The stack trace for the various crashes is below, along with info I
> have been able to gather for them. This is on a setup whe
Working just fine for me on 3.5.3 and 3.5.4:
[root@box ~]# squidmgr info
Squid Object Cache: Version 3.5.3
[snip]
Number of clients accessing cache:4187
Number of HTTP requests received:247419
[root@box2 ~]# squidmgr info
Squid Object Cache: Version 3.5.4
[snip]
Number of cli
Hello,
This may be a question more for Christos than anyone else (as he did
the original work), but why is SSL Context caching disabled for SSL
bump when set to bump and splice mode?
Thank you,
Nathan.
___
squid-users mailing list
squid-users@lists.squ
Hi Fred,
I believe you're experiencing bug 3329:
http://bugs.squid-cache.org/show_bug.cgi?id=3329
Please try the patch that I have on there and see if that helps your issue.
Thank you,
Nathan.
On 17 April 2015 at 17:06, Stakres wrote:
> Hi All,
>
> Is anyone with an trick regarding this error
As I mentioned earlier, this hasn't worked the because the debug
symbols you're running gdb against don't quite match the binary in
which the crash occurred. I would check the version of the debug
symbols you're running gdb against versus the version of the squid
binary that was installed. These ch
As I said earlier, if you can get this information from gdb that would
be helpful.
frame 3
print ccb->conn.p_
print ccb->conn.p_->fd
print conn.p_
print conn.p_->fd
On 17 April 2015 at 23:39, HackXBack wrote:
> why this issue happen i cant find what cause problem ..
>
>
>
> --
> View this messag
What version of Squid are you running, and in what environment?
Based on the fact that the output of the gdb backtrace doesn't show
function parameters (debug symbols don't quite match up to the
binary), this may not work, but if you could run these commands in gdb
and show the output, that would
Hello,
I believe you're experiencing bug 3329:
http://bugs.squid-cache.org/show_bug.cgi?id=3329
Please try the patch that I have on there and see if that helps your issue.
Thank you,
Nathan.
On 15 April 2015 at 07:16, HackXBack wrote:
> [New LWP 4677]
> [New LWP 4704]
> [New LWP 4687]
> [New
w to use them to not
> bump certain sites. I'm thinking the sni is what is actually used to
> identify the sites to not bump?
>
> Is there a good write-up somewhere of how to create these ACL helpers and
> how to use them?
>
> On Sun, Apr 12, 2015 at 8:25 PM, Nathan Hoad
>
Hi Stan,
For peek and splice, you need to decide based on the SNI name, not the
domain name, which for 3.5 means you need to use an external ACL
helper that processes %ssl::>sni. For 4.0 there will be a server_name
ACL you can use instead.
On top of that, you also need to make sure this external
Hello,
Do you have a core dump? If so, if you could get a backtrace as
described here http://wiki.squid-cache.org/SquidFaq/BugReporting and
post it here?
Thank you,
Nathan.
On 2 April 2015 at 03:45, Stakres wrote:
> Hi All,
>
> Strange problem during surf, squid 3.5.3, 64bits, Debian 7.8:
> *2
27;ll
stick with the external ACL helper.
Cheers,
Nathan.
On 9 March 2015 at 16:06, Amos Jeffries wrote:
> On 9/03/2015 5:52 p.m., Nathan Hoad wrote:
>> Hi folks,
>>
>> I'm playing with 3.5.2 and Peek-n-Splice, I was wondering if it's
>> actually possible to
Hi folks,
I'm playing with 3.5.2 and Peek-n-Splice, I was wondering if it's
actually possible to exclude requests based on the SNI host and have
Squid still bump correcty. I've been trying with this configuration,
using a simple external acl:
https_port 60443 intercept ssl-bump cert=/path/to/insp
Look at the headers that Squid is sending to the server. It's likely
they're mentioning Squid in some form. The simplest way to do this is
with a packet capture via tcpdump/wireshark, or to turn up the logging
in Squid via debug_options in squid.conf.
On 28 September 2014 08:15, Ahmd wrote:
> hi
19 matches
Mail list logo
