I'm running squid4.1 interception peek+splice mode. Some sites with HSTS(max-age=0) will not work whenever squid is on, HSTS max-age=0 is supposed to turn off HSTS, but chrome/firefox will keep redirecting https<-->http until it failed(too many redirects). Once Squid is removed all is good.
I also searched various lists and squid's website, it's still unclear to me, for intercept proxy, can Squid deal with HSTS reliably these days? A similar questions is HPKP, or the pinning certificate, can Squid 4.1 handle that? When no HSTS/HPKP is involved, it seems all sites work well. Gordon
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
