Yuri Voinov wrote > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Did you read > > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit > > this first? > > Look once more to examples. > > 02.03.16 2:15, Baselsayeh пишет: >> Yuri Voinov wrote >> Seems to some else misconfiguration in peek-n-splice section. >> >> Where is your at_step peek definition? >> >> 02.03.16 2:08, Baselsayeh пишет: >> >>> Yuri Voinov wrote >> >>>> -----BEGIN PGP SIGNED MESSAGE----- >> >>>> Hash: SHA256 >> >>>> >> >>>> Aha. >> >>>> >> >>>> You must know, that stare is client initiated handshake. This is > a bit >> >>>> specific option, which is useless in most usecases (IMHO). >> >>>> >> >>>> More reliable configuration is peek then bump. >> >>>> >> >>>> Did you client (android) contains your cache CA public key? >> >>>> _______________________________________________ >> >>>> squid-users mailing list >> >>> >> >>>> squid-users@.squid-cache >> >>> >> >>>> http://lists.squid-cache.org/listinfo/squid-users >> >>>> >> >>>> >> >>>> 0x613DEC46.asc (2K) >> >>>> >> > <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc> >> >>> >> >>> now new error after changing config to peek then bump >> >>> >> >>> access.log : http://pastebin.com/j97k953r >> <http://pastebin.com/j97k953r> >> >>> >> >>> cache.log : http://pastebin.com/2jF6nqeM >> >>> <http://pastebin.com/2jF6nqeM> >> >>> >> >>> squid.config : http://pastebin.com/FDuHtCDD >> <http://pastebin.com/FDuHtCDD> >> >>> >> >>> and now youtube works but when i enter a video it loads for a > little bit >> >>> then says >> >>> "Connection to the server lost" >> >>> "tap to retry" >> >>> >> >>> i tried more than 10 videos and none of them worked >> >>> >> >>> >> >>> >> >>> -- >> >>> View this message in context: >> > http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html >> >>> Sent from the Squid - Users mailing list archive at Nabble.com. >> >>> _______________________________________________ >> >>> squid-users mailing list >> >>> >> >> squid-users@.squid-cache >> >> >>> http://lists.squid-cache.org/listinfo/squid-users >> >>> >>> >>> _______________________________________________ >>> squid-users mailing list >> >>> squid-users@.squid-cache >> >>> http://lists.squid-cache.org/listinfo/squid-users >>> >>> >>> 0x613DEC46.asc (2K) >>> > <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc> >> >> what do you mean? >> >> this? >> >> http_port 3428 intercept >> https_port 3429 intercept ssl-bump generate-host-certificates=on >> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem >> key=/home/basel/squid/rootCAkey.key >> ssl_bump peek all >> ssl_bump bump all >> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB >> sslcrtd_children 3 startup=1 idle=1 >> >> >> >> >> -- >> View this message in context: > http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html >> Sent from the Squid - Users mailing list archive at Nabble.com. >> _______________________________________________ >> squid-users mailing list >> > squid-users@.squid-cache >> http://lists.squid-cache.org/listinfo/squid-users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6 > ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8 > Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/ > MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj > fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT > Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I= > =WmcI > -----END PGP SIGNATURE----- > > > _______________________________________________ > squid-users mailing list > squid-users@.squid-cache > http://lists.squid-cache.org/listinfo/squid-users > > > 0x613DEC46.asc (2K) > <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc> it works now http_port 3428 intercept https_port 3429 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem key=/home/basel/squid/rootCAkey.key acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3 at_step SslBump3 ssl_bump peek step1 ssl_bump bump all sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB sslcrtd_children 3 startup=1 idle=1 is it correct? do i need sslproxy_cafile? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
