Hello,
I updated squid 3.4.10 to 3.5.19 on my CentOS VM, I noticed that the
generated certificates are now SHA2 and not SHA1,
can I influence somewhere to generate still SHA1 certificates?
(I have devices which use this proxy and are not able to handle SHA2)
Thanks,
Walter
smime.p7s
Hi.
I'm using squid for a long time, I'm using it to authenticate/authorize
users accessing the Internet with LDAP in a Windows corporate
enviromnent (Basic/NTLM/GSS-SPNEGO) and recently (about several months
ago) I had to switch to the SMP scheme, because one process started to
eat the
On 05/16/2016 10:47 AM, Walter H. wrote:
> I updated squid 3.4.10 to 3.5.19 on my CentOS VM, I noticed that the
> generated certificates are now SHA2 and not SHA1,
> can I influence somewhere to generate still SHA1 certificates?
Yes, you can:
On 05/16/2016 04:47 AM, admin wrote:
>>> acl blocked_https ssl::server_name "/etc/squid/urls/block-url"
>>> https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2
>>> connection-auth=off cert=/etc/squid/squidCA.pem
>>> acl step1 at_step SslBump1
>>> ssl_bump peek step1
>>> ssl_bump
Hey Walter,
I am not sure if it's the ssl_crtd which does such a thing but this is my
main suspect.
If you can extract the ssl_crtd binary from 3.4.X(newest) and test it before
maybe Alex will respond then it will verify some of the doubt.
Eliezer
Eliezer Croitoru
Linux System
Re logging, does this eventually get logged by Squid, somewhere?
For this implementation, I was going to use pfSense. Turns out that Sarg
is no longer included in the package list for pfSense (current version).
On Tue, May 10, 2016 at 2:43 PM, J Green wrote:
> Very
Sorry, I was looking for logging of traffic management events, where
maximum download/upload size has been violated. Thank you.
On Mon, May 16, 2016 at 12:39 PM, Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 05/16/2016 12:37 PM, J Green wrote:
> > Re logging, does this
On 05/16/2016 01:49 PM, J Green wrote:
> Sorry, I was looking for logging of traffic management events, where
> maximum download/upload size has been violated.
When it comes to logging, I recommend that you think in terms of
transactions rather than traffic management events because Squid logs
On 05/16/2016 12:37 PM, J Green wrote:
> Re logging, does this eventually get logged by Squid, somewhere?
All transactions accessing Squid must be logged in access.log. If a
transaction is not logged, it is a Squid bug.
Please note that Squid logs transactions when they complete, not when
they
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Which side to this refers squid? Check the need to configure another server.
17.05.16 2:23, Aashima Madaan пишет:
> Hi,
>
> I have a PNG file uploaded on server.
> As part of Download process, it passes through SQUID to another server
for
On 2016-05-17 07:49, J Green wrote:
Sorry, I was looking for logging of traffic management events, where
maximum download/upload size has been violated. Thank you.
The Squid native format logs size of things delivered to the client, not
the upload/request size.
You will need to define a
Hello,
I am receiving this error while authenticating a user with the AD and the
internet access is denied. I know there is a switch '-R' to explicitly enable
do not follow referrals which I am not using here.
Did anyone faced similar issue ? My AD is using nested groups between domains
where
Thanks for answer, Alex!
Alex Rousskov писал 2016-05-17 00:24:
> When access is prohibited via http_access deny, Squid needs to send an
> "Access Denied" error response to the user (this is how http_access
> works). To send that error to the user, Squid needs to establish a
> secure connection
On 16/05/2016 5:48 p.m., admin wrote:
> Hi!
>
> Squid 3.5.17 with SSL, intercept.
Please upgrade to 3.5.19.
>
> I use SSL-Bump only step1 that get SNI and terminate HTTPS sites by
> domain name. The certificate's is not replaced !
The certificate is never replaced. Though if you dont know how
On 16/05/2016 12:53 p.m., Eliezer Croitoru wrote:
> Hey Amos,
>
> You are right that it seems like there is no point since you already
> decrypt the connection.
> But in the real world the price of maintaining an encrypted session for
> many users for a long period is not the same as maintaining
On 16/05/2016 7:20 p.m., Matus UHLAR - fantomas wrote:
>>> Tim Bates писал 2016-05-14 14:36:
>>>
>>> Are there any Linux distros with pre-compiled versions of Squid with SSL
>>> Bump support compiled in?
>>>
>>> Alternatively, does anyone reputable do a 3rd party repo for
>>> Debian/Ubuntu that
Tim Bates писал 2016-05-14 14:36:
Are there any Linux distros with pre-compiled versions of Squid with SSL
Bump support compiled in?
Alternatively, does anyone reputable do a 3rd party repo for
Debian/Ubuntu that includes SSL Bump?
On 16.05.16 10:36, admin wrote:
I make deb's compiled squid
On 16.05.16 10:36, admin wrote:
I make deb's compiled squid in Debian 8:
3.5.8
3.5.17
4.0.10
OpenSSL?
Tim Bates писал 2016-05-14 14:36:
Are there any Linux distros with pre-compiled versions of Squid with SSL Bump
support compiled in?
Alternatively, does anyone reputable do a 3rd
Yes
Can send to email if needed
Matus UHLAR - fantomas писал 2016-05-16 11:55:
> On 16.05.16 10:36, admin wrote:
>
>> I make deb's compiled squid in Debian 8:
>>
>> 3.5.8
>>
>> 3.5.17
>>
>> 4.0.10
>
> OpenSSL?
>
> Tim Bates писал 2016-05-14 14:36:
>
> Are there any Linux distros with
https://itcrowd72.ru/cloud/index.php/s/W4Sv8ojnf5dVKvc
squid 3.5.19 with SSL. Compiled and build deb in Debian 8. Enjoy :)
Amos Jeffries писал 2016-05-16 14:25:
Please update those to 3.5.19. A dozen CVE's went out these past few
months. :-(
___
Hey Tim,
I have been working for quite some time on packages for couple Linux
distributions and in them Ubuntu and Debian.
I was planning to publish them(Ubuntu + Debian) inside a tar.xz and to attach
them a tiny "update\install" script.
This is since I was trying to use the deb packaging
Amos Jeffries писал 2016-05-16 13:34:
> Please upgrade to 3.5.19.
Upgrade to 3.5.19
>> acl blocked_https ssl::server_name "/etc/squid/urls/block-url"
>> https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2
>> connection-auth=off cert=/etc/squid/squidCA.pem
>> acl step1 at_step
Hi Eliezer,
Thanks for your feedback, much appreciated, /especially/ from you.
The most important part is in dedup.py. I've kept an eye on efficiency without
sacrificing readability (much) and extendability:
https://github.com/frispete/squid_dedup/blob/master/squid_dedup/dedup.py
A
23 matches
Mail list logo