On 2014-02-03 12:11, Darren Breeze wrote:
> Hi
>
> I am writing an icap application to do https intercept for a local
> application. I have used Squid 3.4.2 setup ssl_bump as follows:
>
<snip>
> However, some of the news story thumbnails are failing to load as they
> are
> being loaded off another https server eg.
>
> https://lh3.googleusercontent.com/-TrtEHOgcMFE/AAAAAAAAAAI/AAAAAAAAAAA/K547x
> _dy1bY/s32/photo.jpg
>
> other urls load ok coming off various servers eg.
>
> https://t2.gstatic.com/images?q=tbn:ANd9GcQEUL_w18SM0m00j_JjU0KhoxaQ0MmrovPP
> V8-w_RclRK6RslWtD6ZUOmTfkOVu6dTnjbAUbeQ
>
> I am guessing that squid would have to manage a large list of server
> certs
> just to load this page and there is some limit I need to set higher?
>
Maybe. It would be the cert cache size (currently 4MB) if so.
Also, Google servers emit a header to make the browsers (Chrome in
particular) move away from HTTP to their experimental transfer
protocols. You could try:
reply_header_access Alternate-Protocol deny all
Amos
Received on Mon Feb 03 2014 - 00:54:29 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 03 2014 - 12:00:04 MST