Hi there
Weird. sslbump seems to be working well, even intercepts twitter.com
fine under FF-33 (with it's pinning support, due to
security.cert_pinning.enforcement_level=1)
However, facebook.com generates a sec_error_inadequate_key_usage
error. I cranked up debugging and see this. As you can
Hello Amos,
I'm just trying to create forceful re-authentication , this is just for
curiosity to see how things works by changing the credentialsttl value in
the conf file .I have set it as 2 mnutes and below is what it looks in conf
file , but i dont get any reprompting for username and password
On 16/10/14 20:54, Jason Haar wrote:
I also checked the ssl_db/certs dir and
removed the facebook certs and restarted - didn't help
let me rephrase that. I deleted the dirtree and re-ran ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -c - ie restarted with an empty cache.
It didn't help. It created
On 10/16/2014 02:35 PM, Jason Haar wrote:
On 16/10/14 20:54, Jason Haar wrote:
I also checked the ssl_db/certs dir and
removed the facebook certs and restarted - didn't help
let me rephrase that. I deleted the dirtree and re-ran ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -c - ie restarted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/10/2014 9:29 p.m., santosh wrote:
Hello Amos,
I'm just trying to create forceful re-authentication , this is just
for curiosity to see how things works by changing the
credentialsttl value in the conf file .I have set it as 2 mnutes
and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/10/2014 9:13 p.m., apfelstrudel wrote:
Hello. I am trying to get ssl-bump to decrypt https traffic
transparently so that I could filter out adult videos from youtube
and to globally enforce google safesearch on my network with
diladele web
Hello Strudel,
Please remove the 'ssl_bump client-first all' directive from your squid.conf
because the 'include /opt/qlproxy/etc/squid/squid.acl' already contains
'ssl_bump server-first all' (or should contain).
This file is generated from Web UI of Diladele when you click the enable ssh
This question is neither exactly squid-related nor Heimdal-related, but
maybe someone guru could shed some light.
I configure MSIE to use the proxy server proxy.sibptus.transneft.ru.
On starting MSIE, some Windows hosts request a ticket for the
principal HTTP/proxy.sibptus.transneft.ru and
A patch for this bug attached to 4102 bug report.
Please test it and report any problem.
Regards,
Christos
On 10/16/2014 12:14 PM, Amm wrote:
On 10/16/2014 02:35 PM, Jason Haar wrote:
On 16/10/14 20:54, Jason Haar wrote:
I also checked the ssl_db/certs dir and
removed the facebook
Hi Victor,
That sounds a bit strange. Can you capture with wireshark the traffic on
port 88 on the system which has squiduser in the cache ( best after a clear
the cache with kerbtray first) when accessing squid and send it to me as cap
file ?
Markus
Victor Sudakov wrote in message
Had a use case to ask about, apologies if I missed in docs. Is there a
configuration that allows squid running as forward proxy to add a
custom response header containing the origin server IP address that
served the resource? Assuming no cache hierarchy.
In the event that the resource is served
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/10/2014 8:10 a.m., Darren Spruell wrote:
Had a use case to ask about, apologies if I missed in docs. Is
there a configuration that allows squid running as forward proxy to
add a custom response header containing the origin server IP
address
On Thu, Oct 16, 2014 at 12:40 PM, Amos Jeffries squ...@treenet.co.nz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/10/2014 8:10 a.m., Darren Spruell wrote:
Had a use case to ask about, apologies if I missed in docs. Is
there a configuration that allows squid running as forward
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/10/2014 9:29 a.m., Darren Spruell wrote:
On Thu, Oct 16, 2014 at 12:40 PM, Amos Jeffries
squ...@treenet.co.nz wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 17/10/2014 8:10 a.m., Darren Spruell wrote:
Had a use case to ask about,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/10/2014 3:35 a.m., daniel.rie...@gmx.net wrote:
Hi guys,
I got a problem with DEAD Parent detection. I've configured 2
parents in squid.conf:
cache_peer 10.0.0.101 parent 3128 0 default name=TEST1 cache_peer
10.0.0.102 parent 3128 0
here is the relevent part of cache.log from a fresh restart and immediately
trying to access this https site...getting a fwdNegotiateSSL: Error
negotiating SSL connection.
*2014/10/16 14:40:07 kid1| Starting Squid Cache version
3.4.8-20140915-r13174 for x86_64-unknown-linux-gnu...*
*2014/10/16
And this is the error page Squid generates...
The following error was encountered while trying to retrieve the URL:
://204.44.2.199:443 https://www.bankofthewest.com/://204.44.2.199:443
*Failed to establish a secure connection to 204.44.2.199*
The system returned:
(71) Protocol error (TLS
On Thu, Oct 16, 2014 at 1:53 PM, Amos Jeffries squ...@treenet.co.nz wrote:
I view the Via header as similar to the Received header in SMTP.
In this case it's added by other proxies/caches, correct?
Thats a good analogy, but not quite. It MUST be added by all proxies
including Squid.
I believe my problem relates to a previous post regarding TLS fallback
http://www.mail-archive.com/squid-users%40squid-cache.org/msg95916.html in
the squid-users list.
Has there been any progress with sslbump and tls fallback to tls1.0 if
tls1.2/tls1.1 fails?
On Wed, Oct 15, 2014 at 1:43 PM,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/10/2014 1:30 p.m., Robert Watson wrote:
I believe my problem relates to a previous post regarding TLS
fallback
http://www.mail-archive.com/squid-users%40squid-cache.org/msg95916.html
in the squid-users list. Has there been any progress with
Doing a search on the main squid page gives me this:
The requested URL /cgi-bin/swish-query.cgi was not found on this server.
Maybe better doing a google search anyway?
James
___
squid-users mailing list
squid-users@lists.squid-cache.org
Markus Moeller wrote:
That sounds a bit strange. Can you capture with wireshark the traffic on
port 88 on the system which has squiduser in the cache ( best after a clear
the cache with kerbtray first) when accessing squid and send it to me as cap
file ?
I am attaching a traffic dump.
Hi.
On 17.10.2014 11:02, Victor Sudakov wrote:
I am attaching a traffic dump.
Please look at Frame No. 36, where a ticket is requested for
HTTP/proxy.sibptus.transneft.ru, and then at Frame No. 39, where
the ticket is granted, but for the wrong principal name.
The thing is, valid exchange
23 matches
Mail list logo