-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list,
does anybody know what is the matter with www1.ngtech.co.il? This is
the source for RPM packages of squid but it seems to be dried up for
some days now.
Regards
- --
Henri Wahl
IT Department
Leibniz-Institut fuer Festkoerper- u.
Yuri,
We’re trying that :
- Tproxy
- ssl_bump bump all
does not work.
We have followed the squid wiki regarding iptables rules, sysctl, etc…
Instead “ssl_bump bump all”, if we use “ssl_bump server-first all” , it works,
the https is decrypted.
So is the tproxy
Yuri,
So what’s next ?
Do you mean we must “do-not-ssl-bump” wrong certificats ?
And if a certificate not yet identified is requested by an user it’ll crash the
Squid ?
Any idea how to fix that issue ?
Thanks in advance.
Bye Fred
De : Yuri Voinov [mailto:yvoi...@gmail.com]
Yury,
I checked the source code (3.4/3.5) ssl_crtd, the default size is 2048.
-b fs_block_size File system block size in bytes. Need for processing
natural size of certificate on disk. Default value is
2048 bytes.
/**
\ingroup ssl_crtd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don't think this is critical. What is native fs block size?
09.04.15 13:29, Stakres пишет:
Hi Yuri,
We have checked the sslproxy_capath, all certifs updated.
OpenSSL is: OpenSSL 1.0.1e 11 Feb 2013 (Debian 7.8)
Additional point, the
What I found, was I couldn't yum install . yum update but I would
directly download the rpm with wget (with out a proxy as well !).
strange !
On 9 April 2015 at 16:47, Henri Wahl h.w...@ifw-dresden.de wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list,
does anybody know what is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don't think this is critical. What is native fs block size?
09.04.15 13:29, Stakres пишет:
Hi Yuri,
We have checked the sslproxy_capath, all certifs updated.
OpenSSL is: OpenSSL 1.0.1e 11 Feb 2013 (Debian 7.8)
Additional point, the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think,first you can try new stage-based SSL bump with 3.5.x. To do
that you must identify problem sites.
If there is no results, you can simple bypass problem sites without bump.
Whole server-first bump, on Squid 3.5.x especially, is not so