Hi I tried updating the relevant conf lines as: http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/usr/local/squid3/ssl_cert/myCA.pem sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 16MB and tried that, but no change I then tried the alternet protocol line as suggested but no result. https://www.facebook.com also skips loading mainly images. I have all the icap working, but this one is proving to be the roadblock. thanks for coming back so quick! Darren B. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Monday, 3 February 2014 8:54 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: SSL_Bump issue On 2014-02-03 12:11, Darren Breeze wrote: > Hi > > I am writing an icap application to do https intercept for a local > application. I have used Squid 3.4.2 setup ssl_bump as follows: > <snip> > However, some of the news story thumbnails are failing to load as they > are being loaded off another https server eg. > > https://lh3.googleusercontent.com/-TrtEHOgcMFE/AAAAAAAAAAI/AAAAAAAAAAA > /K547x > _dy1bY/s32/photo.jpg > > other urls load ok coming off various servers eg. > > https://t2.gstatic.com/images?q=tbn:ANd9GcQEUL_w18SM0m00j_JjU0KhoxaQ0M > mrovPP V8-w_RclRK6RslWtD6ZUOmTfkOVu6dTnjbAUbeQ > > I am guessing that squid would have to manage a large list of server > certs just to load this page and there is some limit I need to set > higher? > Maybe. It would be the cert cache size (currently 4MB) if so. Also, Google servers emit a header to make the browsers (Chrome in particular) move away from HTTP to their experimental transfer protocols. You could try: reply_header_access Alternate-Protocol deny all Amos
