Re: [squid-users] can squid use dns server on random port(non-53)?

2018-06-26 Thread Dieter Bloms
Hello, On Tue, Jun 26, Gordon Hsiao wrote: > checked the manual it seems I can only set dnsserver with a new IP, is it > possible to make squid support non-standard DNS port, e.g. 5353? maybe you can use a dns resolver like unbound, dnscache, dnsmasq, which can be configured to listen on

[squid-users] can squid use dns server on random port(non-53)?

2018-06-26 Thread Gordon Hsiao
checked the manual it seems I can only set dnsserver with a new IP, is it possible to make squid support non-standard DNS port, e.g. 5353? Thanks, Gordon

Re: [squid-users] Adobe CC behing Squid

2018-06-26 Thread Amos Jeffries
On 26/06/18 20:53, admin wrote: > Hello Amos, > > Adobe Cloud starts and asks correctly for proxy-authentication. > Then it tries to connect and gets a timeout and tries and... > > In Access.log I only see a connect to Adobe.com: > TCP_TUNNEL:HIER_DIRECT > Hmm, that sounds like the traffic is

Re: [squid-users] ACL vs redirector order

2018-06-26 Thread Amos Jeffries
On 27/06/18 09:51, Gordon Hsiao wrote: > Assuming I allow a domain to pass in ACL, but deny it in my redirector, > which one will work? > > Also, assuming I deny a domain in squid.conf, but allow it in the > redirector, which one will take precedence? > > Will there be a difference for the above

Re: [squid-users] when will squid 4 be production ready?

2018-06-26 Thread Amos Jeffries
On 27/06/18 04:12, Gordon Hsiao wrote: > squid4 has been released for quite a while, when will it be production > ready or any rough timeline on the horizon? > Here's hoping. Amos

[squid-users] ACL vs redirector order

2018-06-26 Thread Gordon Hsiao
Assuming I allow a domain to pass in ACL, but deny it in my redirector, which one will work? Also, assuming I deny a domain in squid.conf, but allow it in the redirector, which one will take precedence? Will there be a difference for the above when peek+splice / peek+bump was used? Thanks,

Re: [squid-users] Trust a particular CA only for a limited domain

2018-06-26 Thread Alex Rousskov
On 06/26/2018 07:22 AM, Ahmad, Sarfaraz wrote: > I need to provide access to my clients to a service on the internet that > is using a private CA. > > I do not want to trust that CA outside the scope of that destination > domain.  (The thought is to not just blindly trust a random CA, rather > if

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Amit Pasari - XS INFOSOL Inc. USA
Let me try the below solution, but if that's the case it shouldn't work with other browsers as well, what I think is Chrome is either not reading my cert or rejecting it. Unsure. Amit On 6/26/18 10:38 PM, Walter H. wrote: On 26.06.2018 19:03, Amit pasari wrote: Dear Walter I have tried

Re: [squid-users] Splice using SubjectCN/SAN from remote server certificate

2018-06-26 Thread Alex Rousskov
On 06/25/2018 11:42 PM, Ahmad, Sarfaraz wrote: > we cannot look at the SubjectCN/SAN in the remote server certificate > and then decide whether we want to splice or bump. (peeking at step > 2 really restricts our options) Is my understanding correct ? Or is > there a way to accomplish this ? In

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Walter H.
On 26.06.2018 19:03, Amit pasari wrote: Dear Walter I have tried with both SHA1 and SHA256 cert. Sent from my iPhone On Jun 26, 2018, at 9:43 PM, Walter H. wrote: On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote: I am using squid in

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Amit pasari
Dear Walter I have tried with both SHA1 and SHA256 cert. Sent from my iPhone > On Jun 26, 2018, at 9:43 PM, Walter H. wrote: > >> On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote: >> I am using squid in transparent mode. Everything working fine in Firefox >> and IE after I

[squid-users] when will squid 4 be production ready?

2018-06-26 Thread Gordon Hsiao
squid4 has been released for quite a while, when will it be production ready or any rough timeline on the horizon? Some little features are attractive such as automatic intermediate CA download. On another note, it would be great if someone can update Squid book on 3.5/4.x, especially on

Re: [squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Walter H.
On 26.06.2018 17:22, Amit Pasari - XS INFOSOL Inc. USA wrote: I am using squid in transparent mode. Everything working fine in Firefox and IE after I have imported the certificate in both the browser, but in Chrome 67 version on Windows 10 I am facing the below issue

[squid-users] Chrome 67 Issue with SSL Bump

2018-06-26 Thread Amit Pasari - XS INFOSOL Inc. USA
Dear All, I am using squid ver.3.5.26 on centos 6.7 with below configuration. = http_port 3128 intercept https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/myssl/public.pem capath=/etc/ssl/certs

[squid-users] Trust a particular CA only for a limited domain

2018-06-26 Thread Ahmad, Sarfaraz
I need to provide access to my clients to a service on the internet that is using a private CA. I do not want to trust that CA outside the scope of that destination domain. (The thought is to not just blindly trust a random CA, rather if we have to, we limit it to the particular domain.) Can

Re: [squid-users] Splice using SubjectCN/SAN from remote server certificate

2018-06-26 Thread Amos Jeffries
On 26/06/18 17:42, Ahmad, Sarfaraz wrote: > I realize that unlike other proprietary MITM appliances, Squid doesn't fiddle > with the original client hello. That is not strictly true. It depends on what you have configured Squid to do. Squid does adjust the TLS extensions to only allow features