The answer why you only see it on Chrome is because since Chrome >= 41: "Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure”. Subresources from such domain will be treated as “active mixed content”." Source: https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
Best regards On Wed, Aug 31, 2016 at 5:24 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 08/31/2016 09:15 AM, Amos Jeffries wrote: > > On 1/09/2016 2:26 a.m., erdosain9 wrote: > >> Hi. > >> Im using ssl-bump.. all ir working fine, but i want to know if it is > >> possible that which is not seen crossed out and red "https". > >> This happen just in Chrome > >> This page is insecure (broken HTTPS) > >> SHA-1 Certificate > >> The certificate for this site expires in 2017 or later, and the > certificate > >> chain contains a certificate signed using SHA-1. > > Sounds like you are running an old Squid version. > > > > This requires changes to the certificate generator used by SSL-Bump. > > IIRC there were some patches, but I can't find them right now in the > > changesets. If the issue exists in current releases then please ask on > > squid-dev. > > See http://www.squid-cache.org/Doc/config/sslproxy_cert_sign_hash/ > > > > Of course, its possible the site realy does have a SHA1 certificate and > > Squid is just passing on the real details. The mimic feature is designed > > to ensure TLS is actually transparent as best we can manage. > > I have not checked, but I doubt we mimic the signing algorithm (because > it would make client-Squid communication less secure?). If we do, we > should update the wiki page that lists what is being mimicked. > > > HTH, > > Alex. > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- -------- Diogenes S. de Jesus
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
