Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

Yuri Voinov wrote: Hope at this. It is difficult to make long-term plans if the software has to die soon. :) --- ..And if SW doesn't die "soon", but only a little later? I.e. with google's AI designing new encryption algorithms today (nothing said about quality), how long before they can

Re: [squid-users] Squid 4.0.16 still signed by old key

On 2/11/2016 8:31 a.m., Garri Djavadyan wrote: > According to the announce [1], Squid 4.0.16 and later should be signed > by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still > signed by the old Squid 3 key EA31CC5E9488E5168D2DCC5EB268E706FF5CF463: > > $ gpg2 --verify

Re: [squid-users] Can Squid communicate http to clients connecting to https sites?

On 2/11/2016 12:55 p.m., vze2k3sa wrote: > Hi, > > I have a question around have Squid which is configured to handle all > company traffic to and from the web. When connecting to an SSL website, HTTP > Connect is used. Can Squid be configured so all the inbound SSL traffic is > SSL decrypted and

[squid-users] Can Squid communicate http to clients connecting to https sites?

Hi, I have a question around have Squid which is configured to handle all company traffic to and from the web. When connecting to an SSL website, HTTP Connect is used. Can Squid be configured so all the inbound SSL traffic is SSL decrypted and send back to clients as clear text http traffic?

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 2:58, Alex Rousskov пишет: > On 11/01/2016 02:47 PM, Yuri Voinov wrote: > >> if the SSL bump will be impossible to do - >> whether it should be understood that in such a situation you close the >> project Squid as unnecessary? :)

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

On 11/01/2016 02:47 PM, Yuri Voinov wrote: > if the SSL bump will be impossible to do - > whether it should be understood that in such a situation you close the > project Squid as unnecessary? :) Seriously, why does it then need to be > in a world without HTTP? Believe it or not, there are still

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 2:03, Alex Rousskov пишет: > On 10/31/2016 04:13 PM, L. A. Walsh wrote: >> Google is pushing this for all websites by October 2017 > > Just Extended Validation (EV) sites, to be exact AFAICT. All other sites > will be forced into the

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

On 10/31/2016 04:13 PM, L. A. Walsh wrote: > Google is pushing this for all websites by October 2017 Just Extended Validation (EV) sites, to be exact AFAICT. All other sites will be forced into the new scheme sometime later. Naturally, this may result in requests to downgrade mimicked server

[squid-users] Squid 3.5.22-1 is available for Ubuntu 16.04 LTS (online repo ubuntu16.diladele.com)

Greetings everyone, The Squid 3.5.22-1 package for Ubuntu 16.04 LTS is now available. This version is recompiled using Squid DEB source from Debian Testing with some changes required to support SSL bump / libecap3 on Ubuntu 16.04 LTS. Note - It took so long because we just rebuild a package

[squid-users] Squid 4.0.16 still signed by old key

According to the announce [1], Squid 4.0.16 and later should be signed by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still signed by the old Squid 3 key EA31CC5E9488E5168D2DCC5EB268E706FF5CF463: $ gpg2 --verify squid-4.0.16.tar.xz.asc squid-4.0.16.tar.xz gpg: Signature

Re: [squid-users] iOS 10.x, https and squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 0:47, Eugene M. Zheganin пишет: > Hi. > > Does anyone have issues with iOS 10.x devices connecting through proxy (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work just fine, but https ones just stuck on loading.

Re: [squid-users] iOS 10.x, https and squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 0:47, Eugene M. Zheganin пишет: > Hi. > > Does anyone have issues with iOS 10.x devices connecting through proxy (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work just fine, but https ones just stuck on loading.

[squid-users] iOS 10.x, https and squid

Hi. Does anyone have issues with iOS 10.x devices connecting through proxy (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work just fine, but https ones just stuck on loading. First I thought that this is a problem with sslBump and disabled it, but this didn't help. I got

Re: [squid-users] Getting "browser history" from squid logs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 01.11.2016 23:01, Andrea Venturoli пишет: > Hello. > > I'd think this question would have appeared so many times, still searching the web did not help... > > I'm familiar with Squid logs and even with some of the several software that produces

Re: [squid-users] Getting "browser history" from squid logs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 As you certainly know, the history of the browser is not the same as the proxy access log. Putting the problem, as a rule should clarify - what you want to achieve? If the purpose forensic - from this point of view there is no difference.