Re: [squid-users] Squid 4.0.15 sni exceptions works for whatsapp

On 10/28/2016 03:58 PM, Eliezer Croitoru wrote: > OK then I will wait for 4.0.16 to see how it will work there. > In 3.5.22 I see that there is still an issue. Yes, but we did provide a v3.5 fix as well, and I encourage you to test it:

Re: [squid-users] Squid 4.0.15 sni exceptions works for whatsapp

OK then I will wait for 4.0.16 to see how it will work there. In 3.5.22 I see that there is still an issue. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: Alex Rousskov

Re: [squid-users] Default state for the option generate-host-certificates

On 2016-10-28 18:39, Yuri Voinov wrote: It seems bug. On 2016-10-28 19:53, Alex Rousskov wrote: Is it a bug, documentation error or I simply missed something? It is a bug IMO. The documented intent sounds worth supporting to me. Thanks. I've opened the report [1]. [1]

Re: [squid-users] Squid 4.0.15 sni exceptions works for whatsapp

On 10/28/2016 08:30 AM, Eliezer Croitoru wrote: > In 4.0.14 there was a regression in ssl bump. If you are thinking about the server_name bug fixed by trunk r14898, then it was not a v4.0.14 regression but an original bug. Any server_name testing without that fix is nearly useless (unfortunately)

Re: [squid-users] Default state for the option generate-host-certificates

On 10/28/2016 06:56 AM, Garri Djavadyan wrote: > The last sentence for generate-host-certificates[=] option > paragraph states: > > This option is enabled by default when ssl-bump is used. I see no [trunk] code to match that statement. > Is it a bug, documentation error or I simply

[squid-users] Squid 4.0.15 sni exceptions works for whatsapp

In 4.0.14 there was a regression in ssl bump. I have tested with the next snippet: acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump" ssl_bump splice NoSSLIntercept ssl_bump peek DiscoverSNIHost ssl_bump bump all ##url.nobump

Re: [squid-users] Default state for the option generate-host-certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It seems bug. Just always specify option explicity. 28.10.2016 18:56, Garri Djavadyan пишет: > Hello list, > > The last sentence for generate-host-certificates[=] option > paragraph states: > > This option is enabled by default when

[squid-users] Default state for the option generate-host-certificates

Hello list, The last sentence for generate-host-certificates[=] option paragraph states:   This option is enabled by default when ssl-bump is used. See the   ssl-bump option above for more information. But a client can't negotiate secure connection and times out when the option is not

[squid-users] [squid-announce] Squid Signing key rollover

The PGP key I use to sign Squid binaries and associated files is being refreshed. Squid-4.0.16 and later releases will be signed with the key; Email: Amos Jeffries (Squid Signing Key) Fingerprint: B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E This new Squid-4 key

[squid-users] Can I block facebook videos globally?

Hi list, Can I block facebook videos globally? I wrote below acls acl deny_rep_mime_flashvideo rep_mime_type video/x-flv http_reply_access deny deny_rep_mime_flashvideo acl facebook_videos dstdomain fbcdn-video-*.akamaihd.net video-*.fbcdn.net fbcdn-creative-*.akamaihd.net http_access deny