On Sat, 26 Feb 2022 02:06:23 +1300
Amos Jeffries wrote:
> Agreed. Luckily we hear you (Alex and I are pretty much "them" these days).
>
Hopefully I don't sound unappreciative; I'm thankful for the work you've put
into Squid, and the quick and useful responses you've given here on the list,
wh
On Sat, 26 Feb 2022 00:16:30 +1300
Amos Jeffries wrote:
> [...]
>
> There are a few things to be aware of while troubleshooting:
>
> * not all TLS connections can be bump'ed. TLS is designed to prevent
> exactly the type of decrypt that bump does. If the client and server are
> using TLS prope
On 2/25/22 06:16, Amos Jeffries wrote:
On 24/02/22 15:26, Dave Blanchard wrote:
ssl_bump peek all
Okay TLS handshake clientHello gets observed by Squid.
... and TLS ServerHello. The "all" ACL will match during SslBump step1
_and_ step2
ssl_bump bump all
... now (step3) everything ge
On 2/24/22 16:49, Dave Blanchard wrote:
This tutorial situation is really out of control. Sadly, this is what
can be expected to happen when the syntax is changed with every
version. Now we're in a real mess. I hope the Squid developers will
make up their minds on how they want the syntax to be
On 25/02/22 10:49, Dave Blanchard wrote:
On Thu, 24 Feb 2022 15:07:53 -0500
Alex Rousskov wrote:
What is the replacement for client-first?
A "good" answer depends on what exactly you are trying to achieve;
details matter. A "dumb" answer (i.e. a direct replacement without
considering your tru
On 25/02/22 05:41, Grant Taylor wrote:
On 2/24/22 9:08 AM, Alex Rousskov wrote:
"more examples" is hardly the answer.
I believe that "more examples" can be additional data that someone can
derive information ~> knowledge from.
Or said another way, it's a step in the proper direction.
At
On 24/02/22 15:26, Dave Blanchard wrote:
Hello, I'm trying to configure Squid as a HTTPS cache on my local computer,
using ssl-bump. I've got it working as a basic proxy, but the traffic seems to
just be tunneling through and not being cached.
Do you actually get at least *2* (maybe 3) Squid
On Thu, 24 Feb 2022 15:07:53 -0500
Alex Rousskov wrote:
> > What is the replacement for client-first?
>
> A "good" answer depends on what exactly you are trying to achieve;
> details matter. A "dumb" answer (i.e. a direct replacement without
> considering your true needs and Squid bugs) is:
>
On 2/24/22 14:38, Dave Blanchard wrote:
> ssl_bump client-first all
What is the replacement for client-first?
A "good" answer depends on what exactly you are trying to achieve;
details matter. A "dumb" answer (i.e. a direct replacement without
considering your true needs and Squid bugs) is:
On Thu, 24 Feb 2022 14:22:25 -0500
Alex Rousskov wrote:
> [...]
>
> action is supposed to be doing. Legacy actions mentioned there,
> including client-first, should be treated as unsupported, having unknown
> side effects, and meant to be removed from Squid (yesterday). YMMV.
What is the repla
On 2/24/22 13:24, Dave Blanchard wrote:
ssl_bump client-first all
ssl_bump stare all
ssl_bump splice localhost
Bugs notwithstanding, the above configuration is equivalent to the
configuration below:
ssl_bump client-first all
The following wiki page can be used to find out what each ssl_
On Thu, 24 Feb 2022 12:24:35 -0600
Dave Blanchard wrote:
> (Note for any other confused noobs reading this: this configuration
> apparently requires Squid to be compiled with --with openssl and
> --with-ssl-crtd options on the 'configure' command line; or at least it did
> in older versions, a
On Thu, 24 Feb 2022 11:08:48 -0500
Alex Rousskov wrote:
> On 2/23/22 22:09, Dave Blanchard wrote:
> > OK--I solved the problem by removing the "ssl_bump bump all" line.
> > Works fine now.
>
> > Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure. It seems
> > like 90% of the tutorials ou
On 2/23/22 22:09, Dave Blanchard wrote:
OK--I solved the problem by removing the "ssl_bump bump all" line.
Works fine now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure. It seems
like 90% of the tutorials out there are junk, largely because things
keep changing from version to ver
uid-users On Behalf Of
> Dave Blanchard
> Sent: Thursday, February 24, 2022 05:09
> To: squid-users@lists.squid-cache.org
> Subject: [squid-users] Trying to set up SSL cache - solved!
>
> OK--I solved the problem by removing the "ssl_bump bump all" line. Works
> fine now
On 23.02.22 21:09, Dave Blanchard wrote:
OK--I solved the problem by removing the "ssl_bump bump all" line. Works fine
now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure.
configuring proxy is very easy, bumping SSL is not.
Since SSL is designed to encrypt traffic between ende -
-Original Message-
From: squid-users On Behalf Of
Dave Blanchard
Sent: Thursday, February 24, 2022 05:09
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Trying to set up SSL cache - solved!
OK--I solved the problem by removing the "ssl_bump bump all" line. Works
fine now.
OK--I solved the problem by removing the "ssl_bump bump all" line. Works fine
now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure. It seems like 90%
of the tutorials out there are junk, largely because things keep changing from
version to version, obsoleting them. That having been s
Hello, I'm trying to configure Squid as a HTTPS cache on my local computer,
using ssl-bump. I've got it working as a basic proxy, but the traffic seems to
just be tunneling through and not being cached. My web browser shows the site's
actual certificate, rather than the locally generated self-si
19 matches
Mail list logo
