Re: [squid-users] how to configure squid to check server certificate?

2020-03-01 Thread Amos Jeffries
On 1/03/20 3:57 pm, GeorgeShen wrote: > > Is there a way, not using ssl-bump, on squid to verify the remote server has > the certificate signed by some well-known CA or self-signed? What are you trying to do exactly? All root CAs are self-signed, even the "well-known" ones. It is just a matter o

Re: [squid-users] Squid and DoH

2020-03-01 Thread Andrea Venturoli
On 2020-02-29 14:17, Matus UHLAR - fantomas wrote: I guess DoH means dns over https and thus needs sslbump enabled. the easy but limited way would be to disable connections to publicly available DoH servers. Thanks. Is someone maintaining such a list? bye av.

Re: [squid-users] Squid and DoH

2020-03-01 Thread Andrea Venturoli
On 2020-02-29 10:19, Amos Jeffries wrote: With ACL that identify the relevant messages:
acl dns-query-url urlpath_regex ^/dns-query\??
acl dns-req-message req_header Content-Type ^application/dns-message$
acl doh_request any-of dns-query-url dns-req-message
acl doh_reply rep_heade

[squid-users] Invalid URL when trying to access cachemgr

2020-03-01 Thread Scott
Hi all, I have three squid proxies, two of which respond normally to cachemgr requests:
# printf "GET cache_object://localhost/info HTTP/1.0\r\n\r\n" | nc HOSTNAME 3128
The third proxy however returns an html error page: ERROR The requested URL could not be r

Re: [squid-users] Invalid URL when trying to access cachemgr

2020-03-01 Thread Amos Jeffries
On 29/02/20 4:11 pm, Scott wrote: > Hi all, > > I have three squid proxies, two of which respond normally to cachemgr > requests: > > # printf "GET cache_object://localhost/info HTTP/1.0\r\n\r\n" | nc HOSTNAME > 3128 > > The third proxy however returns an html error page: > Which Squid versi

Re: [squid-users] how to configure squid to check server certificate?

2020-03-01 Thread GeorgeShen
Sorry, I should have said 'Trusted self-signed' CA vs non-Trusted. I was in one enterprise, they use proxy server, when I went to a non-trusted CA server, I got TLS handshaking error; but it worked fine when going to a 'trusted' CA server. And I know my connection on the proxy was not a SSL-Bump.

Re: [squid-users] how to configure squid to check server certificate?

2020-03-01 Thread Amos Jeffries
On 2/03/20 11:32 am, GeorgeShen wrote: > > Sorry, I should have said 'Trusted self-signed' CA vs non-Trusted. I was in > one enterprise, they use proxy server, when I went to a non-trusted CA > server, I got TLS handshaking error; but it worked fine when going to a > 'trusted' CA server. And I kno