debug skype ssl_bump numeric ips to be spliced


Hi,

I read this interesting thread:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Skype-SSL-is-incompatible-with-OpenSSL-td4665803.html

And from what I read, I'd assume those entries in cache.log ...

2015/10/14 13:44:51 kid1| Error negotiating SSL on FD 144: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2015/10/14 13:45:17 kid1| Error negotiating SSL on FD 118: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2015/10/14 13:45:17 kid1| Error negotiating SSL connection on FD 114: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate (1/0)

... are caused by Skype clients, or other clients that use port 443 for
non-SSL traffic.

My ssl_bump setup is as follows:

acl splice_ips dst "/usr/local/etc/squid/splice_ips"
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice splice_ips
ssl_bump bump all

Is there a way to increase verbosity of cache.log in a way that I get
more information about this? I guess I am mostly interested in remote
IP addresses so I can add them to splice_ips ACL.

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/