Yuri Do you haber something diferent in your config?
Thanks El 02/01/2016 17:18, "Yuri Voinov" <yvoi...@gmail.com> escribió: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Don't think so. > > Google's HTTPS's works for me without any alerts in Chrome :) With bump! ;) > > 03.01.16 2:12, Nir Krakowski пишет: > > Its called certificate pinning: > > https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning > > > > Nir. > > > > On Sat, Jan 2, 2016 at 9:11 PM, Alejandro Martinez > <ajm.marti...@gmail.com> <ajm.marti...@gmail.com> > > wrote: > > > >> Hi all, > >> > >> I'm using squid 3.5.12. > >> > >> This is my relevant config: > >> > >> *http_port 881* > >> *http_port 880 intercept* > >> *https_port 843 intercept ssl-bump generate-host-certificates=on > >> dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem key=* > >> */usr/local/squid/etc**/cert.pem options=NO_SSLv3:NO_SSLv2 > >> > cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH* > >> *sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s * > >> */usr/local/squid/etc/**ssl/certs -M 4MB sslcrtd_children 8 startup=1 > >> idle=1* > >> > >> *#### Denied Users* > >> *acl equipos_denegados src "**/usr/local/squid/etc**/equipos_denegados"* > >> *http_access deny equipos_denegados* > >> *deny_info DENY equipos_denegados* > >> > >> *#### Allowed users* > >> *acl equipos_permitidos src > "/**usr/local/squid/etc**/equipos_permitidos"* > >> *http_access allow equipos_permitidos* > >> *####* > >> > >> *#### Denied Sites* > >> *acl sitios_denegados dstdomain "**/usr/local/squid/etc* > >> */sitiosdenegados"* > >> *http_access deny sitios_denegados* > >> *####* > >> > >> *#### Block HTTPS* > >> *acl blockhttps ssl::server_name "/**usr/local/squid/etc* > >> */sitiosdenegados"* > >> *ssl_bump terminate blockhttps* > >> *ssl_bump splice equipos_permitidos* > >> *ssl_bump peek all* > >> *ssl_bump splice all* > >> *####* > >> > >> *sslproxy_cert_error allow all* > >> *sslproxy_flags DONT_VERIFY_PEER* > >> *sslproxy_options NO_SSLv3:NO_SSLv2* > >> > >> > >> Basically I'm using squid to allow everything and deniy some users > (hosts) > >> and some sites (http and https). > >> > >> If I use IE or Firefox (Win/Lin), everything works great, if I access a > >> site via HTTP the user see a message and if he access via HTTPS the > >> conecction is terminated and there is an error on the browser. > >> > >> But, If I access any google site using chrome (windows / linux) the > sites > >> are getting bumped (google.com, google.com.X youtube.com, etc) > >> > >> The browser complains with a "Your conecction is not private" and the > >> certificate is my own certificate. > >> > >> I'm missing something ? > >> > >> I only what to splice everythng. > >> > >> Thanks > >> > >> > >> _______________________________________________ > >> squid-users mailing list > >> squid-users@lists.squid-cache.org > >> http://lists.squid-cache.org/listinfo/squid-users > >> > >> > > > > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJWiDCiAAoJENNXIZxhPexGoQgH/3tVYeLA0ymswptTFgXCafjD > 4dVdYyeqUklxAD1Z9kdTAwebKr8gCum+pSJJti474hjNpgQQlHsTc/syxMxMJGsF > Z2V0e1GCFjhDf+PBoBRIO0tJw5fhSR7RUhWT5HeZ5OuP412XtjyLH1eRJqKShh+x > VBL+7btpC5CwhDyHtM35UXCwM43tkuXo3uF8FibZn3AgxKM7EZJ0NndwK5od0kW1 > PaTmUqeODXJZdXjceVF4dYeTt6GfSvzfrtXiPMIogk0w0Z2bJi5Sj/w7tr1x7VPH > ls8kccXKVCKp0kigoEMLD86DzznKd1c4r+rZguEGycQQfN8MIpzc8wQZEm61nx0= > =aiMO > -----END PGP SIGNATURE----- > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
