Thanks Yuri Voinov wrote > 02.03.16 2:34, Baselsayeh пишет: >> Yuri Voinov wrote >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA256 >>> >>> Did you read >>> >>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit >>> >>> this first? >>> >>> Look once more to examples. >>> >>> 02.03.16 2:15, Baselsayeh пишет: >>>> Yuri Voinov wrote >>>> Seems to some else misconfiguration in peek-n-splice section. >>>> >>>> Where is your at_step peek definition? >>>> >>>> 02.03.16 2:08, Baselsayeh пишет: >>>>>>> Yuri Voinov wrote >>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>> Hash: SHA256 >>>>>>>> >>>>>>>> Aha. >>>>>>>> >>>>>>>> You must know, that stare is client initiated handshake. This is >>> a bit >>>>>>>> specific option, which is useless in most usecases (IMHO). >>>>>>>> >>>>>>>> More reliable configuration is peek then bump. >>>>>>>> >>>>>>>> Did you client (android) contains your cache CA public key? >>>>>>>> _______________________________________________ >>>>>>>> squid-users mailing list >>>>>>>> squid-users@.squid-cache >>>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> >>>>>>>> >>>>>>>> 0x613DEC46.asc (2K) >>>>>>>> >>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc> >>>>>>> now new error after changing config to peek then bump >>>>>>> >>>>>>> access.log : http://pastebin.com/j97k953r >>>> <http://pastebin.com/j97k953r> >>>>>>> cache.log : http://pastebin.com/2jF6nqeM >>>>>>> <http://pastebin.com/2jF6nqeM> >>>>>>> >>>>>>> squid.config : http://pastebin.com/FDuHtCDD >>>> <http://pastebin.com/FDuHtCDD> >>>>>>> and now youtube works but when i enter a video it loads for a >>> little bit >>>>>>> then says >>>>>>> "Connection to the server lost" >>>>>>> "tap to retry" >>>>>>> >>>>>>> i tried more than 10 videos and none of them worked >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> View this message in context: >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html >>>>>>> Sent from the Squid - Users mailing list archive at Nabble.com. >>>>>>> _______________________________________________ >>>>>>> squid-users mailing list >>>>>>> >>>> squid-users@.squid-cache >>>> >>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>> >>>>> _______________________________________________ >>>>> squid-users mailing list >>>>> squid-users@.squid-cache >>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>> >>>>> >>>>> 0x613DEC46.asc (2K) >>>>> >>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc> >>>> what do you mean? >>>> >>>> this? >>>> >>>> http_port 3428 intercept >>>> https_port 3429 intercept ssl-bump generate-host-certificates=on >>>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem >>>> key=/home/basel/squid/rootCAkey.key >>>> ssl_bump peek all >>>> ssl_bump bump all >>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M >>>> 200MB >>>> sslcrtd_children 3 startup=1 idle=1 >>>> >>>> >>>> >>>> >>>> -- >>>> View this message in context: >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html >>>> Sent from the Squid - Users mailing list archive at Nabble.com. >>>> _______________________________________________ >>>> squid-users mailing list >>>> >>> squid-users@.squid-cache >>>> http://lists.squid-cache.org/listinfo/squid-users >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v2 >>> >>> iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6 >>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8 >>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/ >>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj >>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT >>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I= >>> =WmcI >>> -----END PGP SIGNATURE----- >>> >>> >>> _______________________________________________ >>> squid-users mailing list >>> squid-users@.squid-cache >>> http://lists.squid-cache.org/listinfo/squid-users >>> >>> >>> 0x613DEC46.asc (2K) >>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc> >> it works now >> >> http_port 3428 intercept >> https_port 3429 intercept ssl-bump generate-host-certificates=on >> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem >> key=/home/basel/squid/rootCAkey.key >> acl step1 at_step SslBump1 >> acl step2 at_step SslBump2 >> acl step3 at_step SslBump3 >> ssl_bump peek step1 >> ssl_bump bump all >> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB >> sslcrtd_children 3 startup=1 idle=1 >> >> is it correct? > Seems correct. >> >> do i need sslproxy_cafile? > Not at all cases. By default openssl can take it own CA bundle installed > with it. >> >> >> >> >> -- >> View this message in context: >> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html >> Sent from the Squid - Users mailing list archive at Nabble.com. >> _______________________________________________ >> squid-users mailing list >> > squid-users@.squid-cache >> http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@.squid-cache > http://lists.squid-cache.org/listinfo/squid-users Jorgeley wrote > I'm not sure if this can solve the problem, but, in my squid.conf I deny > youtube to cache using "cache_deny" > > 2016-03-02 3:04 GMT-03:00 Yuri Voinov < > yvoinov@ > >: > >> >> >> 02.03.16 2:34, Baselsayeh пишет: >> >>> Yuri Voinov wrote >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA256 >>>> Did you read >>>> >>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit >>>> >>>> this first? >>>> >>>> Look once more to examples. >>>> >>>> 02.03.16 2:15, Baselsayeh пишет: >>>> >>>>> Yuri Voinov wrote >>>>> Seems to some else misconfiguration in peek-n-splice section. >>>>> >>>>> Where is your at_step peek definition? >>>>> >>>>> 02.03.16 2:08, Baselsayeh пишет: >>>>> >>>>>> Yuri Voinov wrote >>>>>>>> >>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>>> Hash: SHA256 >>>>>>>>> >>>>>>>>> Aha. >>>>>>>>> >>>>>>>>> You must know, that stare is client initiated handshake. This is >>>>>>>>> >>>>>>>> a bit >>>> >>>>> specific option, which is useless in most usecases (IMHO). >>>>>>>>> >>>>>>>>> More reliable configuration is peek then bump. >>>>>>>>> >>>>>>>>> Did you client (android) contains your cache CA public key? >>>>>>>>> _______________________________________________ >>>>>>>>> squid-users mailing list >>>>>>>>> squid-users@.squid-cache >>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>>> >>>>>>>>> >>>>>>>>> 0x613DEC46.asc (2K) >>>>>>>>> >>>>>>>>> < >>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc> >>>> ; >>>> >>>>> now new error after changing config to peek then bump >>>>>>>> >>>>>>>> access.log : http://pastebin.com/j97k953r >>>>>>>> >>>>>>> <http://pastebin.com/j97k953r> >>>>> >>>>>> cache.log : http://pastebin.com/2jF6nqeM >>>>>>>> <http://pastebin.com/2jF6nqeM> >>>>>>>> >>>>>>>> squid.config : http://pastebin.com/FDuHtCDD >>>>>>>> >>>>>>> <http://pastebin.com/FDuHtCDD> >>>>> >>>>>> and now youtube works but when i enter a video it loads for a >>>>>>>> >>>>>>> little bit >>>> >>>>> then says >>>>>>>> "Connection to the server lost" >>>>>>>> "tap to retry" >>>>>>>> >>>>>>>> i tried more than 10 videos and none of them worked >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> View this message in context: >>>>>>>> >>>>>>> >>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html >>>> >>>>> Sent from the Squid - Users mailing list archive at Nabble.com. >>>>>>>> _______________________________________________ >>>>>>>> squid-users mailing list >>>>>>>> >>>>>>>> squid-users@.squid-cache >>>>> >>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> squid-users mailing list >>>>>> squid-users@.squid-cache >>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>> >>>>>> >>>>>> 0x613DEC46.asc (2K) >>>>>> >>>>>> < >>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc> >>>> ; >>>> >>>> what do you mean? >>>>> >>>>> this? >>>>> >>>>> http_port 3428 intercept >>>>> https_port 3429 intercept ssl-bump generate-host-certificates=on >>>>> dynamic_cert_mem_cache_size=200MB >>>>> cert=/home/basel/squid/rootCAcert.pem >>>>> key=/home/basel/squid/rootCAkey.key >>>>> ssl_bump peek all >>>>> ssl_bump bump all >>>>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M >>>>> 200MB >>>>> sslcrtd_children 3 startup=1 idle=1 >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> >>>> >>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html >>>> >>>>> Sent from the Squid - Users mailing list archive at Nabble.com. >>>>> _______________________________________________ >>>>> squid-users mailing list >>>>> >>>>> squid-users@.squid-cache >>>> >>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v2 >>>> iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6 >>>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8 >>>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/ >>>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj >>>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT >>>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I= >>>> =WmcI >>>> -----END PGP SIGNATURE----- >>>> >>>> >>>> _______________________________________________ >>>> squid-users mailing list >>>> squid-users@.squid-cache >>>> http://lists.squid-cache.org/listinfo/squid-users >>>> >>>> >>>> 0x613DEC46.asc (2K) >>>> < >>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc> >>>> ; >>>> >>> it works now >>> >>> http_port 3428 intercept >>> https_port 3429 intercept ssl-bump generate-host-certificates=on >>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem >>> key=/home/basel/squid/rootCAkey.key >>> acl step1 at_step SslBump1 >>> acl step2 at_step SslBump2 >>> acl step3 at_step SslBump3 >>> ssl_bump peek step1 >>> ssl_bump bump all >>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB >>> sslcrtd_children 3 startup=1 idle=1 >>> >>> is it correct? >>> >> Seems correct. >> >>> >>> do i need sslproxy_cafile? >>> >> Not at all cases. By default openssl can take it own CA bundle installed >> with it. >> >> >>> >>> >>> >>> -- >>> View this message in context: >>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676364.html >>> Sent from the Squid - Users mailing list archive at Nabble.com. >>> _______________________________________________ >>> squid-users mailing list >>> > squid-users@.squid-cache >>> http://lists.squid-cache.org/listinfo/squid-users >>> >> >> _______________________________________________ >> squid-users mailing list >> > squid-users@.squid-cache >> http://lists.squid-cache.org/listinfo/squid-users >> > > > > -- > > _______________________________________________ > squid-users mailing list > squid-users@.squid-cache > http://lists.squid-cache.org/listinfo/squid-users -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676391.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
