[squid-users] SSL-Bump and generated certificates ...

2016-05-16 Thread Walter H.
Hello, I updated squid 3.4.10 to 3.5.19 on my CentOS VM, I noticed that the generated certificates are now SHA2 and not SHA1, can I influence somewhere to generate still SHA1 certificates? (I have devices which use this proxy and are not able to handle SHA2) Thanks, Walter

[squid-users] squid, SMP and authentication and service regression over time

2016-05-16 Thread Eugene M. Zheganin
Hi. I'm using squid for a long time, I'm using it to authenticate/authorize users accessing the Internet with LDAP in a Windows corporate environment (Basic/NTLM/GSS-SPNEGO) and recently (about several months ago) I had to switch to the SMP scheme, because one process started to eat the

Re: [squid-users] SSL-Bump and generated certificates ...

2016-05-16 Thread Alex Rousskov
On 05/16/2016 10:47 AM, Walter H. wrote: > I updated squid 3.4.10 to 3.5.19 on my CentOS VM, I noticed that the > generated certificates are now SHA2 and not SHA1, > can I influence somewhere to generate still SHA1 certificates? Yes, you can:

Re: [squid-users] Squid 3.5.17 SSL-Bump Step1

2016-05-16 Thread Alex Rousskov
On 05/16/2016 04:47 AM, admin wrote: >>> acl blocked_https ssl::server_name "/etc/squid/urls/block-url" >>> https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 >>> connection-auth=off cert=/etc/squid/squidCA.pem >>> acl step1 at_step SslBump1 >>> ssl_bump peek step1 >>> ssl_bump

Re: [squid-users] SSL-Bump and generated certificates ...

2016-05-16 Thread Eliezer Croitoru
Hey Walter, I am not sure if it's the ssl_crtd which does such a thing but this is my main suspect. If you can extract the ssl_crtd binary from 3.4.X(newest) and test it before maybe Alex will respond then it will verify some of the doubt. Eliezer Eliezer Croitoru Linux System

Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?

2016-05-16 Thread J Green
Re logging, does this eventually get logged by Squid, somewhere? For this implementation, I was going to use pfSense. Turns out that Sarg is no longer included in the package list for pfSense (current version). On Tue, May 10, 2016 at 2:43 PM, J Green wrote: > Very

Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?

2016-05-16 Thread J Green
Sorry, I was looking for logging of traffic management events, where maximum download/upload size has been violated. Thank you. On Mon, May 16, 2016 at 12:39 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 05/16/2016 12:37 PM, J Green wrote: > > Re logging, does this

Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?

2016-05-16 Thread Alex Rousskov
On 05/16/2016 01:49 PM, J Green wrote: > Sorry, I was looking for logging of traffic management events, where > maximum download/upload size has been violated. When it comes to logging, I recommend that you think in terms of transactions rather than traffic management events because Squid logs

Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?

2016-05-16 Thread Alex Rousskov
On 05/16/2016 12:37 PM, J Green wrote: > Re logging, does this eventually get logged by Squid, somewhere? All transactions accessing Squid must be logged in access.log. If a transaction is not logged, it is a Squid bug. Please note that Squid logs transactions when they complete, not when they

Re: [squid-users] Squid unable to send full PNG file

2016-05-16 Thread Yuri Voinov
Which side to this refers squid? Check the need to configure another server. 17.05.16 2:23, Aashima Madaan wrote: > Hi, > > I have a PNG file uploaded on server. > As part of Download process, it passes through SQUID to another server for

Re: [squid-users] Can Traffic Management Settings be configured for other TCP protocols?

2016-05-16 Thread Amos Jeffries
On 2016-05-17 07:49, J Green wrote: Sorry, I was looking for logging of traffic management events, where maximum download/upload size has been violated. Thank you. The Squid native format logs size of things delivered to the client, not the upload/request size. You will need to define a

[squid-users] squid_ldap_auth: WARNING, LDAP search error 'Referral'

2016-05-16 Thread Manduva, Ranga Sai
Hello, I am receiving this error while authenticating a user with the AD and the internet access is denied. I know there is a switch '-R' to explicitly enable do not follow referrals which I am not using here. Did anyone face a similar issue? My AD is using nested groups between domains where

Re: [squid-users] Squid 3.5.17 SSL-Bump Step1

2016-05-16 Thread admin
Thanks for answer, Alex! Alex Rousskov wrote 2016-05-17 00:24: > When access is prohibited via http_access deny, Squid needs to send an > "Access Denied" error response to the user (this is how http_access > works). To send that error to the user, Squid needs to establish a > secure connection

Re: [squid-users] Squid 3.5.17 SSL-Bump Step1

2016-05-16 Thread Amos Jeffries
On 16/05/2016 5:48 p.m., admin wrote: > Hi! > > Squid 3.5.17 with SSL, intercept. Please upgrade to 3.5.19. > > I use SSL-Bump only step1 that get SNI and terminate HTTPS sites by > domain name. The certificate's is not replaced ! The certificate is never replaced. Though if you don't know how

Re: [squid-users] Would it be possible to run a http to https gateway using squid?

2016-05-16 Thread Amos Jeffries
On 16/05/2016 12:53 p.m., Eliezer Croitoru wrote: > Hey Amos, > > You are right that it seems like there is no point since you already > decrypt the connection. > But in the real world the price of maintaining an encrypted session for > many users for a long period is not the same as maintaining

Re: [squid-users] Are there any distros with SSL Bump compiled by default?

2016-05-16 Thread Amos Jeffries
On 16/05/2016 7:20 p.m., Matus UHLAR - fantomas wrote: >>> Tim Bates wrote 2016-05-14 14:36: >>> >>> Are there any Linux distros with pre-compiled versions of Squid with SSL >>> Bump support compiled in? >>> >>> Alternatively, does anyone reputable do a 3rd party repo for >>> Debian/Ubuntu that

Re: [squid-users] Are there any distros with SSL Bump compiled by default?

2016-05-16 Thread Matus UHLAR - fantomas
Tim Bates wrote 2016-05-14 14:36: Are there any Linux distros with pre-compiled versions of Squid with SSL Bump support compiled in? Alternatively, does anyone reputable do a 3rd party repo for Debian/Ubuntu that includes SSL Bump? On 16.05.16 10:36, admin wrote: I make deb's compiled squid

Re: [squid-users] Are there any distros with SSL Bump compiled by default?

2016-05-16 Thread Matus UHLAR - fantomas
On 16.05.16 10:36, admin wrote: I make deb's compiled squid in Debian 8: 3.5.8 3.5.17 4.0.10 OpenSSL? Tim Bates wrote 2016-05-14 14:36: Are there any Linux distros with pre-compiled versions of Squid with SSL Bump support compiled in? Alternatively, does anyone reputable do a 3rd

Re: [squid-users] Are there any distros with SSL Bump compiled by default?

2016-05-16 Thread admin
Yes Can send to email if needed Matus UHLAR - fantomas wrote 2016-05-16 11:55: > On 16.05.16 10:36, admin wrote: > >> I make deb's compiled squid in Debian 8: >> >> 3.5.8 >> >> 3.5.17 >> >> 4.0.10 > > OpenSSL? > > Tim Bates wrote 2016-05-14 14:36: > > Are there any Linux distros with

Re: [squid-users] Are there any distros with SSL Bump compiled by default?

2016-05-16 Thread admin
https://itcrowd72.ru/cloud/index.php/s/W4Sv8ojnf5dVKvc squid 3.5.19 with SSL. Compiled and build deb in Debian 8. Enjoy :) Amos Jeffries wrote 2016-05-16 14:25: Please update those to 3.5.19. A dozen CVE's went out these past few months. :-(

Re: [squid-users] Are there any distros with SSL Bump compiled by default?

2016-05-16 Thread Eliezer Croitoru
Hey Tim, I have been working for quite some time on packages for couple Linux distributions and in them Ubuntu and Debian. I was planning to publish them(Ubuntu + Debian) inside a tar.xz and to attach them a tiny "update\install" script. This is since I was trying to use the deb packaging

Re: [squid-users] Squid 3.5.17 SSL-Bump Step1

2016-05-16 Thread admin
Amos Jeffries wrote 2016-05-16 13:34: > Please upgrade to 3.5.19. Upgrade to 3.5.19 >> acl blocked_https ssl::server_name "/etc/squid/urls/block-url" >> https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 >> connection-auth=off cert=/etc/squid/squidCA.pem >> acl step1 at_step

Re: [squid-users] New StoreID helper: squid_dedup

2016-05-16 Thread Hans-Peter Jansen
Hi Eliezer, Thanks for your feedback, much appreciated, /especially/ from you. The most important part is in dedup.py. I've kept an eye on efficiency without sacrificing readability (much) and extendability: https://github.com/frispete/squid_dedup/blob/master/squid_dedup/dedup.py A