Re: [squid-users] Getting SSL Connection Errors (Eliezer Croitoru)

2022-02-25 Thread Usama Mehboob
ll > > > connect_timeout 60 minute > read_timeout 60 minute > write_timeout 60 minute > request_timeout 60 minute > > ## http filtering ### > #http_access allow localnet allowed_http_only > #http_access allow localhost allowed_http_only > http_access allow localn

Re: [squid-users] peek & splice only to log ssl info

2022-02-25 Thread Alex Rousskov
On 2/25/22 14:36, Matus UHLAR - fantomas wrote: I only intend to splice connections but after repeated reading https://wiki.squid-cache.org/Features/SslPeekAndSplice I still don't understand parts of the logic. - is the combination described at:

Re: [squid-users] Trying to set up SSL cache - solved!

2022-02-25 Thread Dave Blanchard
On Sat, 26 Feb 2022 02:06:23 +1300 Amos Jeffries wrote: > Agreed. Luckily we hear you (Alex and I are pretty much "them" these days). > Hopefully I don't sound unappreciative; I'm thankful for the work you've put into Squid, and the quick and useful responses you've given here on the list,

Re: [squid-users] Random trouble with image downloads

2022-02-25 Thread Dave Blanchard
On Sat, 26 Feb 2022 02:09:14 +1300 Amos Jeffries wrote: > I suspect you are seeing > > Unfortunately we do not have a good fix for it yet. OK, it looks like the work is still ongoing, so I will implement some kind of workaround for now and

[squid-users] peek & splice only to log ssl info

2022-02-25 Thread Matus UHLAR - fantomas
Hello, I'll upgrade some Debian servers to Debian 10 where squid-ssl package (4.13) is available and I'm searching for a way to enhance current logging of CONNECT requests to include SSL data - SNI servername and possibly basic certificate info. I only intend to splice connections but after

Re: [squid-users] Trying to set up SSL cache

2022-02-25 Thread Dave Blanchard
On Sat, 26 Feb 2022 00:16:30 +1300 Amos Jeffries wrote: > [...] > > There are a few things to be aware of while troubleshooting: > > * not all TLS connections can be bump'ed. TLS is designed to prevent > exactly the type of decrypt that bump does. If the client and server are > using TLS

Re: [squid-users] Trying to set up SSL cache

2022-02-25 Thread Alex Rousskov
On 2/25/22 06:16, Amos Jeffries wrote: On 24/02/22 15:26, Dave Blanchard wrote: ssl_bump peek all Okay TLS handshake clientHello gets observed by Squid. ... and TLS ServerHello. The "all" ACL will match during SslBump step1 _and_ step2 ssl_bump bump all ... now (step3) everything

Re: [squid-users] Squid Question regarding tcp handshake

2022-02-25 Thread Alex Rousskov
On 2/24/22 10:03, Felipe Polanco wrote: Does squid first complete the tcp handshake on its users and then a second handshake on the destination IP Yes, kind of. Keep in mind that Squid pretty much does not know anything about TCP handshakes, SYN packets, etc. Nearly all TCP-level work is

Re: [squid-users] Trying to set up SSL cache - solved!

2022-02-25 Thread Alex Rousskov
On 2/24/22 16:49, Dave Blanchard wrote: This tutorial situation is really out of control. Sadly, this is what can be expected to happen when the syntax is changed with every version. Now we're in a real mess. I hope the Squid developers will make up their minds on how they want the syntax to be

[squid-users] Getting SSL Connection Errors (Eliezer Croitoru)

2022-02-25 Thread Usama Mehboob
allowed_https_sites > ssl_bump terminate step2 all > > > connect_timeout 60 minute > read_timeout 60 minute > write_timeout 60 minute > request_timeout 60 minute > > ## http filtering ### > #http_access allow localnet allowed_http_only > #http_access all

Re: [squid-users] slow down response to broken clients ?

2022-02-25 Thread Amos Jeffries
On 25/02/22 20:47, Dieter Bloms wrote: Hello, Sometimes a client tries to reach a destination that is blocked at the proxy. The proxy responds with a 403 and the client then immediately tries again and again, making hundreds of requests per second. Is it possible to add an artificial delay here

Re: [squid-users] Random trouble with image downloads

2022-02-25 Thread Amos Jeffries
On 25/02/22 18:14, Dave Blanchard wrote: OK, I've got Squid mostly working fine, but have noticed a problem with certain image downloads, which in at least one case are coming from storage.googleapis.com. (Profile images for a forum.) It's as if Squid sometimes randomly fails to download and

Re: [squid-users] Trying to set up SSL cache - solved!

2022-02-25 Thread Amos Jeffries
On 25/02/22 10:49, Dave Blanchard wrote: On Thu, 24 Feb 2022 15:07:53 -0500 Alex Rousskov wrote: What is the replacement for client-first? A "good" answer depends on what exactly you are trying to achieve; details matter. A "dumb" answer (i.e. a direct replacement without considering your

Re: [squid-users] Trying to set up SSL cache - solved!

2022-02-25 Thread Amos Jeffries
On 25/02/22 05:41, Grant Taylor wrote: On 2/24/22 9:08 AM, Alex Rousskov wrote: "more examples" is hardly the answer. I believe that "more examples" can be additional data that someone can derive information ~> knowledge from. Or said another way, it's a step in the proper direction. At

Re: [squid-users] Squid Question regarding tcp handshake

2022-02-25 Thread Amos Jeffries
On 25/02/22 04:03, Felipe Polanco wrote: Hi, A question Regarding TCP handshake. Does squid first complete the tcp handshake on its users and then a second handshake on the destination IP or as soon as it receives the TCP SYN flag it does the same with the destination. The TCP

Re: [squid-users] Trying to set up SSL cache

2022-02-25 Thread Amos Jeffries
On 24/02/22 15:26, Dave Blanchard wrote: Hello, I'm trying to configure Squid as a HTTPS cache on my local computer, using ssl-bump. I've got it working as a basic proxy, but the traffic seems to just be tunneling through and not being cached. Do you actually get at least *2* (maybe 3) Squid

Re: [squid-users] getsockopt failures, although direct access to intercept ports is blocked

2022-02-25 Thread Amos Jeffries
On 24/02/22 12:05, Andreas Weigel wrote: Hi everyone, I had the following issue with Squid in Transparent Mode (and SSL Interception in mode splice). It is working as expected, however after multiple long-running (talking about several seconds) anti-virus ecap-Processes have finished, I