On 2014-02-03 12:11, Darren Breeze wrote:
Hi
I am writing an icap application to do https intercept for a local
application. I have used Squid 3.4.2 setup ssl_bump as follows:
<snip>
However, some of the news story thumbnails are failing to load as they
are
being loaded off another https server eg.
https://lh3.googleusercontent.com/-TrtEHOgcMFE/AAAAAAAAAAI/AAAAAAAAAAA/K547x
_dy1bY/s32/photo.jpg
other urls load ok coming off various servers eg.
https://t2.gstatic.com/images?q=tbn:ANd9GcQEUL_w18SM0m00j_JjU0KhoxaQ0MmrovPP
V8-w_RclRK6RslWtD6ZUOmTfkOVu6dTnjbAUbeQ
I am guessing that squid would have to manage a large list of server
certs
just to load this page and there is some limit I need to set higher?
Maybe. It would be the cert cache size (currently 4MB) if so.
Also, Google servers emit a header to make the browsers (Chrome in
particular) move away from HTTP to their experimental transfer
protocols. You could try:
reply_header_access Alternate-Protocol deny all
Amos
