Re: [squid-users] ERROR: Unknown TLS option clientca

2018-07-12 Thread login mogin
Thanks a lot, just tried the patch, sadly still not working. Best Logan Alex Rousskov wrote on Thu, 12 Jul 2018 at 22:03: > On 07/12/2018 07:58 PM, login mogin wrote: > > Or should I report this as a bug? > > Your call, but it is a bug. You can also try the following _untested_ >

Re: [squid-users] ERROR: Unknown TLS option clientca

2018-07-12 Thread Alex Rousskov
On 07/12/2018 07:58 PM, login mogin wrote: > Or should I report this as a bug? Your call, but it is a bug. You can also try the following _untested_ patch: https://github.com/squid-cache/squid/pull/252.patch Good luck, Alex. > On Thu, Jul 12, 2018 at 4:11 AM login mogin wrote: > > Hi, >

Re: [squid-users] ERROR: Unknown TLS option clientca

2018-07-12 Thread login mogin
Do you guys have any idea on this? Or should I report this as a bug? On Thu, Jul 12, 2018 at 4:11 AM login mogin wrote: > Hi, > > We have been using squid 3.5.23 on ubuntu 16 with the configuration > clientca=CERTPATH without any problem. We decided to run the new version > squid 4.1 on ubuntu

[squid-users] parse URL too large (10001 bytes) error

2018-07-12 Thread Eliezer Croitoru
I am seeing from google video links in the cache.log at squid 4.1: 2018/07/13 03:31:39 kid1| parse URL too large (10016 bytes) 2018/07/13 03:31:42 kid1| parse URL too large (10001 bytes) I will file a report later. Eliezer Eliezer Croitoru Linux

Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but uses 100% of partition and fails

2018-07-12 Thread Eliezer Croitoru
Gear! I am testing it with 4.1 since UFS and AUFS are great but... doesn't support SMP. Eliezer * another thread on the way to the list. Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: Alex Rousskov

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Julian Perconti
> -Original Message- > From: Julian Perconti [mailto:vh1...@yahoo.com.ar] > Sent: Thursday, July 12, 2018 21:24 > To: 'squid-users@lists.squid-cache.org' cache.org> > Subject: RE: [squid-users] Delay pools in squid4 not working with https > > > -Original Message- > > From:

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Julian Perconti
> -Original Message- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Thursday, July 12, 2018 21:20 > To: Julian Perconti ; squid-users@lists.squid- > cache.org > Subject: Re: [squid-users] Delay pools in squid4 not working with https > > On 07/12/2018

Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but uses 100% of partition and fails

2018-07-12 Thread Alex Rousskov
On 07/12/2018 06:20 PM, Eliezer Croitoru wrote: > From the docs: > http://www.squid-cache.org/Versions/v4/cfgman/cache_swap_low.html > > I see that this is only for UFS/AUFS/diskd and not rock cache_dir. > What about rock cache_dir? Rock cache_dirs cannot overflow by design. Rock reserves a

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Alex Rousskov
On 07/12/2018 06:16 PM, Julian Perconti wrote: >> From: Alex Rousskov >> If you start splicing/tunneling, it will probably stop working. > Ok, but is not is supposed that this is the normal behaviour? No, Squid should apply delay pools to all traffic. > I mean, TCP_TUNNEL = squid forward, so

Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but uses 100% of partition and fails

2018-07-12 Thread Eliezer Croitoru
Hey Amos, From the docs: http://www.squid-cache.org/Versions/v4/cfgman/cache_swap_low.html I see that this is only for UFS/AUFS/diskd and not rock cache_dir. What about rock cache_dir? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Julian Perconti
> -Original Message- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Thursday, July 12, 2018 21:03 > To: Julian Perconti ; squid-users@lists.squid- > cache.org > Subject: Re: [squid-users] Delay pools in squid4 not working with https > > On 07/12/2018

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Alex Rousskov
On 07/12/2018 05:42 PM, Julian Perconti wrote: >> From: Alex Rousskov >> On 07/12/2018 05:19 PM, Julian Perconti wrote: >> >>> From my side, the tests were done with full SSL-Bump; downloading a >>> file from: https://speed.hetzner.de/ >>> >>> No splice. >> My "not working" statement was specific

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Julian Perconti
> From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Thursday, July 12, 2018 20:31 > To: Julian Perconti ; squid-users@lists.squid- > cache.org > Subject: Re: [squid-users] Delay pools in squid4 not working with https > > On 07/12/2018 05:19 PM, Julian Perconti wrote:

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Alex Rousskov
On 07/12/2018 05:19 PM, Julian Perconti wrote: > From my side, the tests were done with full SSL-Bump; downloading a file > from: https://speed.hetzner.de/ > > No splice. My "not working" statement was specific to tunneling code. When Squid bumps, it does not tunnel, so your tests did not

Re: [squid-users] question about squid and https connection .

2018-07-12 Thread Amos Jeffries
On 13/07/18 08:27, Eliezer Croitoru wrote: > Alex, > > Just to be sure: > Every RSA key and certificate pair regardless to the origin server and the > SSL-BUMP enabled proxy can be different. > If the key would be the exact same one then we will probably have a very big > security issue/risk to

Re: [squid-users] question about squid and https connection .

2018-07-12 Thread Alex Rousskov
On 07/12/2018 02:35 PM, Eliezer Croitoru wrote: > Every RSA key and certificate pair regardless to the origin server > and the SSL-BUMP enabled proxy can be different. I cannot find a reasonable interpretation of the above that would contradict what I have said. Yes, each unique certificate has

Re: [squid-users] question about squid and https connection .

2018-07-12 Thread login mogin
Hi Ahmad, Proxy will just change your IP when you are connecting to FB in this way, but FB probably has, or at least should have, so many other ways to detect if that's the same person connecting, just to name one: browser-based profiling. They have your user_agent, browser extensions, cookies, etc. In

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-12 Thread Amos Jeffries
On 12/07/18 11:39, Julian Perconti wrote: >>> >>> On Tuesday, July 10, 2018 18:57:43 -03, Alex Rousskov >>> wrote: >>> >>> >>> On 07/10/2018 01:50 PM, Paolo Marzari wrote: My home server just updated from 3.5.27, everything is working fine, but delay pools seems

Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but uses 100% of partition and fails

2018-07-12 Thread Amos Jeffries
On 13/07/18 04:16, Alex Rousskov wrote: > On 07/12/2018 05:53 AM, pete dawgg wrote: > > >> When there is no traffic squid seems to cleaning up well enough: over >> night (no traffic) disk usage went down to 30GB (now it's at 50GB >> again) > > This may be a sign that your Squid cannot keep up

Re: [squid-users] question about squid and https connection .

2018-07-12 Thread --Ahmad--
THANK YOU Guys ALL. So my question, put another way, is: if I have a squid proxy and use it the TCP_Connect way, and from the same PC and same browser try to open facebook from 200 different addresses, then facebook won't have a footprint that there are 200 different addresses hitting FB

Re: [squid-users] question about squid and https connection .

2018-07-12 Thread Eliezer Croitoru
Alex, Just to be sure: Every RSA key and certificate pair regardless to the origin server and the SSL-BUMP enabled proxy can be different. If the key would be the exact same one then we will probably have a very big security issue/risk to my understanding (leaving aside DH). Will it be more

Re: [squid-users] question about squid and https connection .

2018-07-12 Thread Alex Rousskov
On 07/12/2018 01:17 PM, --Ahmad-- wrote: > if i have pc# 1 and that pc open facebook . > > then i have other pc # 2 and that other pc open facebook . > > > now as we know facebook is https . > > so is the key/ cert that used on pc # 1 is same as cert in pc # 2 to decrypt > the fb encrypted

[squid-users] Squid 4.1 "- TCP_DENIED/403' and IPv6 while "dns_v4_first on"

2018-07-12 Thread Eliezer Croitoru
I'm testing Squid 4.1 and my proxy is showing TCP_DENIED when fetching certificates like this: 1531425362.414 00 - TCP_DENIED/403 3661 GET http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt - HIER_NONE/- text/html;charset=utf-8 Q-CC: "-" "-" Q-P: "-" "-" Q-RANGE: "-"

[squid-users] question about squid and https connection .

2018-07-12 Thread --Ahmad--
my 1st Q. if i have pc# 1 and that pc open facebook . then i have other pc # 2 and that other pc open facebook . now as we know facebook is https . so is the key/ cert that used on pc # 1 is same as cert in pc # 2 to decrypt the fb encrypted traffic ? now in the presence of squid . if

Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but uses 100% of partition and fails

2018-07-12 Thread Alex Rousskov
On 07/12/2018 05:53 AM, pete dawgg wrote: > I have set workers 8 just recently; but the disk full error had > definitely been occurring before. AUFS cache_dirs are not compatible with SMP Squid. Removing workers was the right thing to do even if that incompatibility was not causing disk

Re: [squid-users] minimize squid memory usage

2018-07-12 Thread Gordon Hsiao
Unfortunately, none of those alternatives can deal with https(peek or bump) as far as I can tell, and these days https is a must for proxy. Gordon >From: Leonardo Rodrigues >To: squid-users@lists.squid-cache.org >Subject: Re: [squid-users] minimize squid memory usage >Message-ID:

Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but uses 100% of partition and fails

2018-07-12 Thread pete dawgg
THX for your reply! > Subject: Re: [squid-users] squid 3.5.27 does not respect cache_dir-size but > uses 100% of partition and fails > > On 07/11/2018 04:39 AM, pete dawgg wrote: > > > cache_dir aufs /mnt/cache/squid 75000 16 256 > > > FATAL: Ipc::Mem::Segment::open failed to

[squid-users] ERROR: Unknown TLS option clientca

2018-07-12 Thread login mogin
Hi, We have been using squid 3.5.23 on ubuntu 16 with the configuration clientca=CERTPATH without any problem. We decided to run the new version squid 4.1 on ubuntu 18 with the same config. But now client certificate auth is not working anymore and we got this message on debug: ERROR: Unknown

Re: [squid-users] Problems with peek and slice through parent proxy

2018-07-12 Thread Hess, Niklas
Hello again, Thanks for any help. It's a forward proxy only and my users plan to connect to a cloud on the internet. The parent proxy that I have to deal with is not administered by me or any of my colleagues. (It's the ISP proxy.) I can't make any changes to the parent. The plan is, that