Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)
Hello, after changing http to https it still give protocol not available... 2014-04-17 11:00 GMT+02:00 Ict Security ict.security@gmail.com: Oh.. excuse me! I was wrong! 2014-04-17 10:26 GMT+02:00 Amm ammdispose-sq...@yahoo.com: Please ask in mailing list not personally. Everybody there will help you. I did whatever I knew. Thanks Amm. From: Ict Security ict.security@gmail.com To: Amm ammdispose-sq...@yahoo.com Sent: Thursday, 17 April 2014 1:51 PM Subject: Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available) It still says protocol not available... Thank you Francesco
Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)
I wll try to test the issue later. notice that in the case of chrome browser and spdy the issue might be really protocol not avaliable and you will maybe need to disable the usage of spdy. try to disable anything related to prefetch. What browser what OS? Eliezer On 04/17/2014 12:01 PM, Ict Security wrote: Hello, after changing http to https it still give protocol not available... 2014-04-17 11:00 GMT+02:00 Ict Security ict.security@gmail.com: Oh.. excuse me! I was wrong! 2014-04-17 10:26 GMT+02:00 Amm ammdispose-sq...@yahoo.com: Please ask in mailing list not personally. Everybody there will help you. I did whatever I knew. Thanks Amm. From: Ict Security ict.security@gmail.com To: Amm ammdispose-sq...@yahoo.com Sent: Thursday, 17 April 2014 1:51 PM Subject: Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available) It still says protocol not available... Thank you Francesco
Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)
Hello, i have the problem with both Explorer and firefox; i do not think i have configured spdy... Thank you! Francesco 2014-04-17 19:59 GMT+02:00 Eliezer Croitoru elie...@ngtech.co.il: I wll try to test the issue later. notice that in the case of chrome browser and spdy the issue might be really protocol not avaliable and you will maybe need to disable the usage of spdy. try to disable anything related to prefetch. What browser what OS? Eliezer On 04/17/2014 12:01 PM, Ict Security wrote: Hello, after changing http to https it still give protocol not available... 2014-04-17 11:00 GMT+02:00 Ict Security ict.security@gmail.com: Oh.. excuse me! I was wrong! 2014-04-17 10:26 GMT+02:00 Amm ammdispose-sq...@yahoo.com: Please ask in mailing list not personally. Everybody there will help you. I did whatever I knew. Thanks Amm. From: Ict Security ict.security@gmail.com To: Amm ammdispose-sq...@yahoo.com Sent: Thursday, 17 April 2014 1:51 PM Subject: Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available) It still says protocol not available... Thank you Francesco
[squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)
Hello to everybody, we use Squid for http transparent proxyging and everything is all right. I followed some howtos and we add SSL Bump transparent interception. In squid.conf i have: http_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem acl broken_sites dstdomain .example.com ssl_bump none localhost ssl_bump none broken_sites ssl_bump server-first all sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/lib/squid/ssl_db -M 4MB sslcrtd_children 30 and in iptables i added this directive: -A PREROUTING -p tcp -s 192.168.10.8 --dport 443 -j DNAT --to-destination 192.168.10.254:3127 HTTP surfing is still right, but when i connect, as example, to https://www.google.com browser returns page error and i have these log: 2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.254:3127 remote=192.168.10.8:58831 FD 15 flags=33: (92) Protocol not available 2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.254:3127 remote=192.168.10.8:58832 FD 15 flags=33: (92) Protocol not available 2014/04/16 16:08:27 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.10.254:3127 remote=192.168.10.8:58833 FD 15 flags=33: (92) Protocol not available I read some similar post but i did not apply, and find, the solution. Thank you a log and best regards! Francesco
Re: [squid-users] Squid 3.4.4 and SSL Bump not working (error (92) Protocol not available)
On 04/16/2014 07:45 PM, Ict Security wrote: Hello to everybody, we use Squid for http transparent proxyging and everything is all right. http_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem -A PREROUTING -p tcp -s 192.168.10.8 --dport 443 -j DNAT --to-destination 192.168.10.254:3127 for 443 intercept use https_port not http_port. Amm.
