Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-23 Thread Alex Rousskov
On 2024-08-23 06:29, ngtech1...@gmail.com wrote:
> OK so the issue was that: The http_port was used for ssl bump with intercept

I would not phrase it that way because "bump" is a red herring here. I would instead say that the issue was that "http_port was used for intercepted TLS traffic" or "

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-23 Thread ngtech1ltd
OK so the issue was that: The http_port was used for ssl bump with intercept while the only port which can really intercept ssl connections is: https_port so I believe that there should be a warning about such a line in the cache log. When there is http_port and intercept and ssl_bump there

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-22 Thread Alex Rousskov
accurately to become valid. HTH, Alex. -Original Message- From: squid-users On Behalf Of Alex Rousskov Sent: Thursday, August 22, 2024 9:21 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic On 2024-08-20

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-22 Thread Alex Rousskov
n the squid box > > Since the intercept method terminates the connection and creates a new one with the ip of the proxy it's very simple to even use gre and ipip. > But, with tproxy to allow the traffic being identified currently as a packet which is not still in the

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-20 Thread Alex Rousskov
currently as a packet which is not still in the routing stack we the linux OS need to tag it somehow. > To do that the default "Salt" for the packet hash in the routing stack is the source and destination mac address. > Due to this the only methods which are

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-20 Thread Alex Rousskov
On 2024-08-20 06:35, ngtech1...@gmail.com wrote:
> Attached a link for the pcap file that might shed some light on the issue from a technical perspective

That link does not work for me: Nothing is shown but a page with generic background and a "get your own free account" signature at the bottom

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-20 Thread ngtech1ltd
Attached a link for the pcap file that might shed some light on the issue from a technical perspective: https://cloud.hisstory.org.il/apps/maps/s/Mw8Cb8QLYto83rK Eliezer

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-19 Thread ngtech1ltd
...@gmail.com -Original Message- From: squid-users On Behalf Of Alex Rousskov Sent: Monday, August 19, 2024 10:59 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-19 Thread Alex Rousskov
al Message- From: Alex Rousskov Sent: Monday, August 19, 2024 7:18 PM To: NgTech LTD Subject: Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic Eliezer, please move this thread back to squid-users mailing list instead of emailing me personally. When you do so, pl

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-19 Thread ngtech1ltd
:18 PM To: NgTech LTD Subject: Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic Eliezer, please move this thread back to squid-users mailing list instead of emailing me personally. When you do so, please clarify whether all 12 access.log records correspond to thi

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-19 Thread Alex Rousskov
On 2024-08-19 03:47, NgTech LTD wrote:
> I am testing Squid 6.10 on Fedora 40 (their package). And it seems that Squid is unable to bump clients (ESNI/ECH)? I had a couple of iterations of peek stare and bump and I am not sure what is the reason for that:

What do you use as a client? Judging by the n

[squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

2024-08-19 Thread NgTech LTD
I am testing Squid 6.10 on Fedora 40 (their package). And it seems that Squid is unable to bump clients (ESNI/ECH)? I had a couple of iterations of peek stare and bump and I am not sure what is the reason for that: shutdown_lifetime 3 seconds external_acl_type whitelist-lookup-helper ipv4 ttl=10 childre