On Sat, 26 Feb 2022 02:06:23 +1300
Amos Jeffries wrote:
> Agreed. Luckily we hear you (Alex and I are pretty much "them" these days).
>
Hopefully I don't sound unappreciative; I'm thankful for the work you've put
into Squid, and the quick and useful responses you've given here on the list,
On Sat, 26 Feb 2022 00:16:30 +1300
Amos Jeffries wrote:
> [...]
>
> There are a few things to be aware of while troubleshooting:
>
> * not all TLS connections can be bump'ed. TLS is designed to prevent
> exactly the type of decrypt that bump does. If the client and server are
> using TLS
On 2/25/22 06:16, Amos Jeffries wrote:
On 24/02/22 15:26, Dave Blanchard wrote:
ssl_bump peek all
Okay TLS handshake clientHello gets observed by Squid.
... and TLS ServerHello. The "all" ACL will match during SslBump step1
_and_ step2
ssl_bump bump all
... now (step3) everything
On 2/24/22 16:49, Dave Blanchard wrote:
This tutorial situation is really out of control. Sadly, this is what
can be expected to happen when the syntax is changed with every
version. Now we're in a real mess. I hope the Squid developers will
make up their minds on how they want the syntax to be
On 25/02/22 10:49, Dave Blanchard wrote:
On Thu, 24 Feb 2022 15:07:53 -0500
Alex Rousskov wrote:
What is the replacement for client-first?
A "good" answer depends on what exactly you are trying to achieve;
details matter. A "dumb" answer (i.e. a direct replacement without
considering your
On 25/02/22 05:41, Grant Taylor wrote:
On 2/24/22 9:08 AM, Alex Rousskov wrote:
"more examples" is hardly the answer.
I believe that "more examples" can be additional data that someone can
derive information ~> knowledge from.
Or said another way, it's a step in the proper direction.
At
On 24/02/22 15:26, Dave Blanchard wrote:
Hello, I'm trying to configure Squid as a HTTPS cache on my local computer,
using ssl-bump. I've got it working as a basic proxy, but the traffic seems to
just be tunneling through and not being cached.
Do you actually get at least *2* (maybe 3) Squid
On Thu, 24 Feb 2022 15:07:53 -0500
Alex Rousskov wrote:
> > What is the replacement for client-first?
>
> A "good" answer depends on what exactly you are trying to achieve;
> details matter. A "dumb" answer (i.e. a direct replacement without
> considering your true needs and Squid bugs) is:
>
On 2/24/22 14:38, Dave Blanchard wrote:
> ssl_bump client-first all
What is the replacement for client-first?
A "good" answer depends on what exactly you are trying to achieve;
details matter. A "dumb" answer (i.e. a direct replacement without
considering your true needs and Squid bugs)
On Thu, 24 Feb 2022 14:22:25 -0500
Alex Rousskov wrote:
> [...]
>
> action is supposed to be doing. Legacy actions mentioned there,
> including client-first, should be treated as unsupported, having unknown
> side effects, and meant to be removed from Squid (yesterday). YMMV.
What is the
On 2/24/22 13:24, Dave Blanchard wrote:
ssl_bump client-first all
ssl_bump stare all
ssl_bump splice localhost
Bugs notwithstanding, the above configuration is equivalent to the
configuration below:
ssl_bump client-first all
The following wiki page can be used to find out what each
On Thu, 24 Feb 2022 12:24:35 -0600
Dave Blanchard wrote:
> (Note for any other confused noobs reading this: this configuration
> apparently requires Squid to be compiled with --with openssl and
> --with-ssl-crtd options on the 'configure' command line; or at least it did
> in older versions,
On Thu, 24 Feb 2022 11:08:48 -0500
Alex Rousskov wrote:
> On 2/23/22 22:09, Dave Blanchard wrote:
> > OK--I solved the problem by removing the "ssl_bump bump all" line.
> > Works fine now.
>
> > Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure. It seems
> > like 90% of the tutorials
On 2/23/22 22:09, Dave Blanchard wrote:
OK--I solved the problem by removing the "ssl_bump bump all" line.
Works fine now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure. It seems
like 90% of the tutorials out there are junk, largely because things
keep changing from version to
ave Blanchard
> Sent: Thursday, February 24, 2022 05:09
> To: squid-users@lists.squid-cache.org
> Subject: [squid-users] Trying to set up SSL cache - solved!
>
> OK--I solved the problem by removing the "ssl_bump bump all" line. Works
> fine now.
>
> Damn, this proxy
On 23.02.22 21:09, Dave Blanchard wrote:
OK--I solved the problem by removing the "ssl_bump bump all" line. Works fine
now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure.
configuring proxy is very easy, bumping SSL is not.
Since SSL is designed to encrypt traffic between ende
-Original Message-
From: squid-users On Behalf Of
Dave Blanchard
Sent: Thursday, February 24, 2022 05:09
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Trying to set up SSL cache - solved!
OK--I solved the problem by removing the "ssl_bump bump all" line. Works
fine
OK--I solved the problem by removing the "ssl_bump bump all" line. Works fine
now.
Damn, this proxy is a TOTAL PAIN IN THE ASS!! to configure. It seems like 90%
of the tutorials out there are junk, largely because things keep changing from
version to version, obsoleting them. That having been
Hello, I'm trying to configure Squid as a HTTPS cache on my local computer,
using ssl-bump. I've got it working as a basic proxy, but the traffic seems to
just be tunneling through and not being cached. My web browser shows the site's
actual certificate, rather than the locally generated
19 matches
Mail list logo