Re: [squid-users] SSL_Bump issue

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 03 Feb 2014 13:54:22 +1300

On 2014-02-03 12:11, Darren Breeze wrote:
> Hi
>
> I am writing an icap application to do https intercept for a local
> application. I have used Squid 3.4.2 setup ssl_bump as follows:
>
<snip>

> However, some of the news story thumbnails are failing to load as they
> are
> being loaded off another https server eg.
>
> https://lh3.googleusercontent.com/-TrtEHOgcMFE/AAAAAAAAAAI/AAAAAAAAAAA/K547x
> _dy1bY/s32/photo.jpg
>
> other urls load ok coming off various servers eg.
>
> https://t2.gstatic.com/images?q=tbn:ANd9GcQEUL_w18SM0m00j_JjU0KhoxaQ0MmrovPP
> V8-w_RclRK6RslWtD6ZUOmTfkOVu6dTnjbAUbeQ
>
> I am guessing that squid would have to manage a large list of server
> certs
> just to load this page and there is some limit I need to set higher?
>

Maybe. It would be the cert cache size (currently 4MB) if so.

Also, Google servers emit a header to make the browsers (Chrome in
particular) move away from HTTP to their experimental transfer
protocols. You could try:

   reply_header_access Alternate-Protocol deny all

Amos
Received on Mon Feb 03 2014 - 00:54:29 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 03 2014 - 12:00:04 MST