On 14/10/2015 1:13 p.m., Dan Charlesworth wrote:
> Throwing this out to the list in case anyone else might be trying to get SSL
> Bump to work with the latest version of Safari.
>
> Every other browser on OS X (and iOS) is happy with bumping for pretty much
> all HTTPS sites, so long as the proxy’s CA is trusted.
>
> However Safari throws generic “secure connection couldn’t be established”
> errors for many popular HTTPS sites including:
> - wikipedia.org
> - mail.google.com
> - twitter.com
> - github.com
>
> But quite a number of others work, such as youtube.com.
>
> This error gets logged to the system whenever it occurs:
> com.apple.WebKit.Networking: NSURLSession/NSURLConnection HTTP load failed
> (kCFStreamErrorDomainSSL, -9802)
>
> Apparently this is related to Apple’s new “App Transport Security”
> protections, in particular, the fact that “the server doesn’t support forward
> secrecy”. Even though it doesn’t seem to be affecting mobile Safari on iOS 9
> at all.
>
> It’s also notable that Safari seems perfectly happy with legacy server-first
> SSL bumping.
>
> I’m using Squid 3.5.10 and this is my current config:
> https://gist.github.com/djch/9b883580c6ee84f31cd1
>
> Anyone have any idea what I can try?

You can try bump at step3 (roughly equivalent to server-first) instead of step2 (aka client-first).

Amos
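What the suggested change can look like in squid.conf, as an added example that is not taken from the original post or from the poster's gist. It assumes Squid 3.5 peek-and-splice directives; the ACL names step1, step2 and step3 are arbitrary labels chosen here, and the "before" rules are a guess at a typical step2 setup, not the poster's actual config.

```conf
# Name the three SslBump processing steps so rules can match on them.
# (ACL names are assumptions for this example; at_step values are Squid's.)
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

# Before (assumed): bump decided at step2, the mode the reply calls
# client-first. Squid commits to bumping before it has looked at the
# origin server's side of the handshake.
#
#   ssl_bump peek step1
#   ssl_bump bump all

# After: defer the bump to step3, the mode the reply calls roughly
# equivalent to server-first.
#
# step1: read the client hello (SNI) without committing to anything.
ssl_bump peek step1
# step2: use "stare", not "peek". Peeking at the server certificate
# usually rules out bumping later; staring keeps bumping possible.
ssl_bump stare step2
# step3: the server hello and certificate have been seen, so the
# client-facing certificate is generated with that information.
ssl_bump bump step3
```

ssl_bump rules are evaluated top to bottom at each step and the first match wins, so keep any splice or terminate exceptions above these lines at the step where they should apply.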