-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/10/2014 09:25 PM, HaxNobody wrote:
The proxy runs on Linux (Ubuntu, I believe), and I'm doing my
testing from multiple browsers on Windows 8.1. I have been unable
to find a way to use openssl s_client via a proxy, although I was
able to run
squid -v:
Squid Cache: Version 3.3.10
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=${prefix}/lib/bloxx-squid3' '--srcdir=.'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 26/11/2014 5:38 a.m., HaxNobody wrote:
Hello,
We are trying to configure Squid with SSL bump in order to filter
traffic with a content filter. We have an existing self-signed root
certificate and private key that we use successfully with
Thanks for the reply. I'm aware of pinning, but this problem is happening on
small and/or insignificant sites that are certainly not pinned, as well as
the larger sites. In addition, our clients are not getting errors due to
pinning on our existing proxy setup, so we're doing something correctly
Alright, I figured out a possible cause. I downloaded the certificate that
the browsers were complaining about, and used openssl verify to verify
against the root certificate that I have. I got error 20, indicating that
squid must not be using the correct root certificate to generate the client
Hello,
We are trying to configure Squid with SSL bump in order to filter traffic
with a content filter. We have an existing self-signed root certificate and
private key that we use successfully with other similar proxy software, and
we wish to re-use it with Squid so that we don't have to