Hello,

A recent version of Firefox made some changes to certificate verification. See here:
https://wiki.mozilla.org/SecurityEngineering/Certificate_Verification

After this, many SSL-bumped sites are showing a verification error:

An error occurred during a connection to s-static.ak.facebook.com. Certificate extension value is invalid. (Error code: sec_error_extension_value_invalid)

Examples:
Facebook = https://s-static.ak.facebook.com/
Hotmail = https://sc.imp.live.com

Those sites work without SSL bumping.

Currently it can be fixed by changing security.use_mozillapkix_verification to false in Firefox. As per Mozilla, this will become always true from FF 33.

There is a bug report at Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=1045973

But I doubt this is actually a bug, but rather a future security feature.

Can anything be done in Squid to allow the above, i.e. allow it to work regardless of the value of mozillapkix?

Thanks and regards,

Amm