On 27/06/19 11:39 am, Jared Fox wrote:
> Hi Amos
>
> So i have tried the following based on your suggestions, but it is
> still failing and have errors below:
>
> 1. Switched to a wildcard whitelist instead of single domain
> 2. Updated the logformat to provide more information, see below:
> 3. A
Hi Amos
So i have tried the following based on your suggestions, but it is
still failing and have errors below:
1. Switched to a wildcard whitelist instead of single domain
2. Updated the logformat to provide more information, see below:
3. Add in `--client-requested`, but this made no difference
On 26/06/19 2:45 pm, Jared Fox wrote:>
> == Bad news / Major Blocker ==
> https connections to cloud tracing is still being blocked, these are
> TLS 1.2 and uses SNI as seen via tcpdump.
>
Okay, now that you have the v4 capabilities:
* Please add %ssl::bump_mode to your log so we can see easily wh
Hi Amos / Squid-Users
So some good news and bad news and i'm still blocked.
== Good news ==
I have managed to get Squid 4.7 running on Centos 7.6.1810, with the
squid & squid-helpers binary rpms from
`http://www1.ngtech.co.il/repo/centos/$releasever/$basearch/`.
FYI: The squid-helpers rpm does n
Thank you Amos
I will update the Squid config and give Squid-helpers 3.5 a go today
and let you know.
Do you have any idea why only some tls 1.2 connections would work with
the whitelisting.?
Thanks
Jared
DevOps Architect - Practiv
On Tue, Jun 25, 2019 at 9:04 PM Amos Jeffries wrote:
>
> On 25
On 25/06/19 1:24 pm, Jared Fox wrote:
> Hi Squid-Users
>
> I need your help!
>
> So i have had been using Squid 3.5.20 (installed on Amazon Linux 2)
> and its acting as a transparent ssl proxy with whitelist of allowed
> addresses. I want to avoid running a mitm proxy and having to add CA
> certs
Hi Squid-Users
I need your help!
So i have had been using Squid 3.5.20 (installed on Amazon Linux 2)
and its acting as a transparent ssl proxy with whitelist of allowed
addresses. I want to avoid running a mitm proxy and having to add CA
certs to all services/containers etc. Traffic is routed to
