On 3/06/2016 1:35 a.m., William Ivanski wrote: > Thank you for your quick response. > > First of all forgive me for the lack of information in the first > email. I've tried to disable QUIC a few minutes ago and the problem > persists. Follow the information requested: > > -> Compilation: > > I've installed squid using the following commands: > > cd /usr/src > > apt-get install squid3 > > wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.15-20160330-r14015.tar.gz > > tar xvzf squid-3.5.15-20160330-r14015.tar.gz > > cd squid-3.5.15-20160330-r14015 > NP: when building your own always build the latest. Today that would be one of the 3.5.19 snapshots. > apt-get build-dep squid3 && apt-get install build-essential libssl-dev > > ./configure --enable-icap-client --enable-ssl --enable-ssl-crtd > --prefix=/usr --includedir=/usr/include --mandir=/usr/share/man > --infodir=/usr/share/info --sysconfdir=/etc --localstatedir=/var > --libexecdir=/lib/squid3 --srcdir=. --datadir=/usr/share/squid3 > --sysconfdir=/etc/squid3 --mandir=/usr/share/man > --with-default-user=squid --with- cppunit-config-basedir=/usr > --with-logdir=/var/log/squid3 --with-pidfile=/var/run/squid3.pid > --with-openssl --disable-optimizations --disable-arch-native > > service squid3 stop > > make all && make install > > useradd squid && chown -R squid:squid /var/log/squid3 Don't. The squid3 package install created the necessary user and permissions for all required things. You just need to build with the same default-user settings as Debian. IIRC that is --with-default-user=proxy > > mv /usr/sbin/squid3 /usr/sbin/squid3.old && mv/usr/sbin/squid > /usr/sbin/squid3 > > /lib/squid3/ssl_crtd -c -s /var/lib/ssl_db -M 4 MB > > chown -R squid:squid /var/lib/ssl_db > > service squid3 restart && service squid3 stop && chmod 777 > /var/spool/squid3 && squid3 -z && service squid3 restart Same here. > > OBS: We're not using ssl_crtd/ssl_db anymore. Our previous squid conf > was using intercept, but the actual one isn't configured as > transparent proxy. If that is so then any problems Chrome or other agents might be having are not related to Squid. They are just creating opaque tunnels through the proxy and doing TLS stuff end-to-end. There is no reason for the proxy to have TLS/SSL capabilities at all in that kind of setup. The config you posted confirms. The OpenSSL abilities you custom compiled to add to the proxy are not being used in any way. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users