I meant to say “forward secrecy”, which appears to be a list of specific ciphers: https://developer.apple.com/library/watchos/technotes/App-Transport-Security-Technote/index.html Anyone know how to translate that list of ciphers to use in sslproxy_cipher in squid.conf? > On 14 Oct 2015, at 2:39 PM, Dan Charlesworth <dan@xxxxxxxxxxx> wrote: > > ¯\_(ツ)_/¯ > > All I really have to go on is those errors com.apple.WebKit.Networking is logging which apparently points to a specific thing it’s missing called “forward transport security”. Only the peek@step1 seems to make it as far as any of squid’s logs. > > No other browsers affected that I can find, not even mobile Safari. The sites that do and don’t fail seems random too. > > Fine: instagram.com, getpocket.com, youtube.com > > Not fine: httpbin.org, news.ycombinator.com, basecamp.com, wikipedia.org, dribbble.com, icloud.com, vimeo.com, reddit.com > >> On 14 Oct 2015, at 2:13 PM, Jason Haar <Jason_Haar@xxxxxxxxxxx> wrote: >> >> On 14/10/15 16:08, Dan Charlesworth wrote: >>> I thought that fixed it for a second … >>> >>> But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing everything, it seems. >>> >>> Any other advice? :-) >> Could this imply be a pinning issue? ie does Safari track the CAs used >> by those sites - thus causing the problem you see? Certainly matches the >> symptoms >> >> -- >> Cheers >> >> Jason Haar >> Corporate Information Security Manager, Trimble Navigation Ltd. >> Phone: +1 408 481 8171 >> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 >> >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
