> That is somewhat useful. TLS version being received is not valid.
Ok - although this is squid users phorum - this could be even more useful:
Firefox - http://download.kjj.cz/pub/ssl/firefox.txt it goes throught
everything to the GET / HTTP/1.1 request
Chrome - http://download.kjj.cz/pub/ssl/
Found this:
2020/06/17 08:06:31.292 kid2| 24,7| BinaryTokenizer.cc(74) got:
SupportedVersions.octets= caca0304030303020301 occupying 10 bytes @1 in
0x7ffd9ba4a0b0.
0x0301 - 0x0304 -> TLS versions to TLS1.3
0xcaca = non-existent
(a few lines further:)
BinaryTokenizer.cc(65) got: supported_versi
This is the most naïve and dirtiest effort but I don't know where else it's
called - not going to check it and fix calling it with nonsense numbers - so I
went like this:
/// parse TLS ProtocolVersion (uint16) and convert it to AnyP::ProtocolVersion
static AnyP::ProtocolVersion
ParseProtocolVers
Just noticed that github version of HandShake.cc is much better "patched" than
my humble,pitty attempt to quick-fix the parser. So in the light of self
investigation and the lack of information and experience (I'm sorry for that) I
maybe over-reacted. But now it seems both modifications made i
Hello,
more and more clients aren't browser but are programs, which call a
restapi through our squid proxy.
Those clients aren't able to show the errorpage (ERR_*) from proxy in
case the request wasn't successful for any reason.
I added %err_code and %err_detail, but %err_detail is filled with "
On Wed, Jun 17, 2020 at 10:23 AM Amos Jeffries wrote:
>
> On 16/06/20 1:55 am, Amiq Nahas wrote:
> > Hi Guys,
> >
> > I am trying to use the srv_url_check module to block websites.
> > I have configured squid with proxy authentication and followed this
> > wiki: https://sourceforge.net/p/c-icap/wi
On 6/17/20 9:14 AM, Loučanský Lukáš wrote:
> Just noticed that github version of HandShake.cc is much better "patched"
Squid should have proper support for GREASEd TLS version values (and
more!) since master/v6 commit eec67f0. That very recent change has not
been ported to earlier Squid versions
On 6/17/20 9:17 AM, Dieter Bloms wrote:
> more and more clients aren't browser but are programs, which call a
> restapi through our squid proxy.
>
> Those clients aren't able to show the errorpage (ERR_*) from proxy in
> case the request wasn't successful for any reason.
>
> I added %err_code an
On 18/06/20 1:32 am, Amiq Nahas wrote:
> On Wed, Jun 17, 2020 at 10:23 AM Amos Jeffries wrote:
>>
>> On 16/06/20 1:55 am, Amiq Nahas wrote:
>>> Hi Guys,
>>>
>>> I am trying to use the srv_url_check module to block websites.
>>> I have configured squid with proxy authentication and followed this
>>>
Since you are using ssl-bump, you would need to run it manually from CLI as squid user and see what happens. You will need to reinitialize the certificate directory and test at again. Take a peek at:https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Create_and_initialize_TLS_cert
10 matches
Mail list logo
