Re: squid-users Digest, Vol 22, Issue 136

Yuri <yvoinov@xxxxxxxxx> · Tue, 28 Jun 2016 14:36:18 +0600

28.06.2016 14:31, Anand Palani пишет:
Hello,

can you use some IP address instead of domain names (skype.com & 
chatapp) for No SSLBUMP.
This works only for squid 3.4. 3.5 and above uses different scheme to 
execute peek-n-splice/bump. IP addresses exists only at CONNECT phase.

On 6/28/2016 1:30 PM, squid-users-request@xxxxxxxxxxxxxxxxxxxxx wrote:
Send squid-users mailing list submissions to
    squid-users@xxxxxxxxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
    squid-users-request@xxxxxxxxxxxxxxxxxxxxx

You can reach the person managing the list at
    squid-users-owner@xxxxxxxxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."

Today's Topics:

    1. Re: squid with HTTPS and some APPs not working (Yuri)

----------------------------------------------------------------------

Message: 1
Date: Tue, 28 Jun 2016 14:00:12 +0600
From: Yuri <yvoinov@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  squid with HTTPS and some APPs not working
Message-ID: <8840f7dd-cf2f-3077-9f44-1446480d5eab@xxxxxxxxx>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

28.06.2016 13:39, --Ahmad-- пишет:
Hi ,
i have squid that is working on 3.5 .

traffic of t 80 and 443 traffic to Squid via IPTables.

Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to
intercept all SSL traffic and PKI has been setup and distributed to
all clients.

we have a problem in  Skype of Business (Office 365) and Slack (Chat
app)  seems its broken from squid intercept.

i tried to do exception for ssl for the domains that shown on the
ACCess.log file when i use the APPs , but no luck

i tried to execlide the websites below :

skype.com <http://skype.com>
lync.com
todyl.com
fastly\.net
.slack-msgs.com
.amazonaws.com
.slack.com <http://slack.com>

#########################################################
but  it still not working and the APPS (( Skype of Business (Office
365) and Slack (Chat app))) are not working .

again , here is my nobump file :

cat /opt/etc/squid.doms.nobump

\.skype\.com$
\.lync\.com$
\.todyl\.com$
\.fastly\.net$
\.slack-msgs\.com$
\.amazonaws\.com$
\.slack\.com$

##############################################################

current versions we have :

·Squid 3.5.19

·C-ICAP 0.4.2

·SquidclamAV 6.15

·ClamAV 0.99.2

######################################################################

   here is squid.conf :

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8# RFC1918 possible internal network

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
http_access allow localhost manager
http_access deny manager

# Squid normally listens to port 3128
http_port 3127
http_port 3128 intercept

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

visible_hostname shield.TodylInc.shield

cache_log /opt/var/log/squid/cache_log
cache_access_log /opt/var/log/squid/access_log

#user and group
cache_effective_user squid
cache_effective_group squid

acl todyl dstdomaintodyl.com <http://todyl.com>
request_header_add X-TODYL-GUID 1e46dccd2 todyl

#Custom Error Pages
error_directory /opt/www/squid

# Squid listen Port
https_port 3129 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB key=/opt/etc/pki/squid/ca-key.pem
cert=/opt/etc/pki/squid/ca.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
Search list "Skype issue" thread, some day ago.

# SSL Bump Config
always_direct allow all
ssl_bump server-first all
sslcrtd_program /opt/libexec/ssl_crtd -s /opt/lib/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1

##############################################
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i 
"/opt/etc/squid.doms.nobump"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
##################

#Hardening
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
#                SINGLE_ECDH_USE
#                      Enable ephemeral ECDH key exchange.
#                      The adopted curve should be specified
#                      using the tls-dh option.

#       tls-dh=[curve:]file
#            File containing DH parameters for temporary/ephemeral DH 
key
#            exchanges, optionally prefixed by a curve for ephemeral 
ECDH
#            key exchanges.
#            See OpenSSL documentation for details on how to create the
#            DH parameter file. Supported curves for ECDH can be listed
#            using the "openssl ecparam -list_curves" command.
#            WARNING: EDH and EECDH ciphers will be silently disabled if
#                 this option is not set.

sslproxy_cipher
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS 

#       tls-dh=[curve:]file
#            File containing DH parameters for temporary/ephemeral DH 
key
#            exchanges, optionally prefixed by a curve for ephemeral 
ECDH
#            key exchanges.
#            See OpenSSL documentation for details on how to create the
#            DH parameter file. Supported curves for ECDH can be listed
#            using the "openssl ecparam -list_curves" command.
#            WARNING: EDH and EECDH ciphers will be silently disabled if
#                 this option is not set.

# TUNING
cache_dir aufs /var/cache/squid 40000 16 256
store_dir_select_algorithm round-robin
minimum_object_size 0 KB
maximum_object_size 96 MB
memory_pools off
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
cache_mem 1500 MB
buffered_logs on
half_closed_clients off

dns_nameservers 10.192.0.1
##################################################################

here is squid -k parse :

[root@1e46dccd2 var]# squid -k parse
2016/06/27 08:06:08| Startup: Initializing Authentication Schemes ...
2016/06/27 08:06:08| Startup: Initialized Authentication Scheme 'basic'
2016/06/27 08:06:08| Startup: Initialized Authentication Scheme 
'digest'
2016/06/27 08:06:08| Startup: Initialized Authentication Scheme
'negotiate'
2016/06/27 08:06:08| Startup: Initialized Authentication Scheme 'ntlm'
2016/06/27 08:06:08| Startup: Initialized Authentication.
2016/06/27 08:06:08| Processing Configuration File:
/opt/etc/squid.conf (depth 0)
2016/06/27 08:06:08| Processing: acl localnet src 10.0.0.0/8 # RFC1918
possible internal network
2016/06/27 08:06:08| Processing: http_access allow localnet
2016/06/27 08:06:08| Processing: http_access allow localhost
2016/06/27 08:06:08| Processing: http_access allow localhost manager
2016/06/27 08:06:08| Processing: http_access deny manager
2016/06/27 08:06:08| Processing: http_port 3127
2016/06/27 08:06:08| Processing: http_port 3128 intercept
2016/06/27 08:06:08| Starting Authentication on port [::]:3128
2016/06/27 08:06:08| Disabling Authentication on port [::]:3128
(interception enabled)
2016/06/27 08:06:08| Processing: coredump_dir /var/cache/squid
2016/06/27 08:06:08| Processing: visible_hostname 
shield.TodylInc.shield
2016/06/27 08:06:08| Processing: cache_log /opt/var/log/squid/cache_log
2016/06/27 08:06:08| Processing: cache_access_log
/opt/var/log/squid/access_log
2016/06/27 08:06:08| Processing: cache_effective_user squid
2016/06/27 08:06:08| Processing: cache_effective_group squid
2016/06/27 08:06:08| Processing: acl todyl dstdomain todyl.com
<http://todyl.com>
2016/06/27 08:06:08| Processing: request_header_add X-TODYL-GUID
1e46dccd2 todyl
2016/06/27 08:06:08| Processing: error_directory /opt/www/squid
2016/06/27 08:06:08| Processing: https_port 3129 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
key=/opt/etc/pki/squid/ca-key.pem cert=/opt/etc/pki/squid/ca.pem
options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
2016/06/27 08:06:08| Starting Authentication on port [::]:3129
2016/06/27 08:06:08| Disabling Authentication on port [::]:3129
(interception enabled)
2016/06/27 08:06:08| Processing: always_direct allow all
2016/06/27 08:06:08| Processing: ssl_bump server-first all
2016/06/27 08:06:08| Processing: sslcrtd_program /opt/libexec/ssl_crtd
-s /opt/lib/ssl_db -M 4MB
2016/06/27 08:06:08| Processing: sslcrtd_children 32 startup=5 idle=1
2016/06/27 08:06:08| Processing: acl DiscoverSNIHost at_step SslBump1
2016/06/27 08:06:08| Processing: acl NoSSLIntercept
ssl::server_name_regex -i "/opt/etc/squid.doms.nobump"
2016/06/27 08:06:08| Processing: ssl_bump splice NoSSLIntercept
2016/06/27 08:06:08| Processing: ssl_bump peek DiscoverSNIHost
2016/06/27 08:06:08| Processing: ssl_bump bump all
2016/06/27 08:06:08| Processing: sslproxy_options
NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
2016/06/27 08:06:08| Processing: sslproxy_cipher
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS 

2016/06/27 08:06:08| Processing: cache_dir aufs /var/cache/squid 40000
16 256
2016/06/27 08:06:08| Processing: store_dir_select_algorithm round-robin
2016/06/27 08:06:08| Processing: minimum_object_size 0 KB
2016/06/27 08:06:08| Processing: maximum_object_size 96 MB
2016/06/27 08:06:08| Processing: memory_pools off
2016/06/27 08:06:08| Processing: quick_abort_min 0 KB
2016/06/27 08:06:08| Processing: quick_abort_max 0 KB
2016/06/27 08:06:08| Processing: log_icp_queries off
2016/06/27 08:06:08| Processing: client_db off
2016/06/27 08:06:08| Processing: cache_mem 1500 MB
2016/06/27 08:06:08| Processing: buffered_logs on
2016/06/27 08:06:08| Processing: half_closed_clients off
2016/06/27 08:06:08| Processing: dns_nameservers 10.192.0.1
2016/06/27 08:06:08| Initializing https proxy context
2016/06/27 08:06:08| Initializing https_port [::]:3129 SSL context
2016/06/27 08:06:08| Using certificate in /opt/etc/pki/squid/ca.pem
—————————————————————————————————

here is access.log

1467029265.989     50 10.192.0.12 TAG_NONE/200 0 CONNECT
52.84.29.139:443 - ORIGINAL_DST/52.84.29.139 -
1467029265.999     59 10.192.0.12 TAG_NONE/200 0 CONNECT
52.84.29.139:443 - ORIGINAL_DST/52.84.29.139 -
1467029266.070     59 10.192.0.12 TCP_MISS/200 13171 GET
https://slack.com/help/test - ORIGINAL_DST/52.84.29.139 text/html
1467029266.222     53 10.192.0.12 TAG_NONE/200 0 CONNECT
172.217.5.14:443 - ORIGINAL_DST/172.217.5.14 -
1467029266.234     66 10.192.0.12 TCP_MISS/200 598 GET
https://slack.com/beacon/track/? - ORIGINAL_DST/52.84.29.139 image/gif
1467029266.274     26 10.192.0.12 TCP_MISS/200 557 GET
https://www.google-analytics.com/r/collect? -
ORIGINAL_DST/172.217.5.14 image/gif
1467029266.314     66 10.192.0.12 TAG_NONE/200 0 CONNECT
169.54.33.172:443 - ORIGINAL_DST/169.54.33.172 -
1467029266.368     21 10.192.0.12 TCP_MISS/200 547 GET
https://api.mixpanel.com/track/? - ORIGINAL_DST/169.54.33.172
application/json
1467029266.469     42 10.192.0.12 TAG_NONE/200 0 CONNECT
199.27.76.249:443 - ORIGINAL_DST/199.27.76.249 -
1467029266.722    231 10.192.0.12 TCP_MISS/200 11968 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-0.png? -
ORIGINAL_DST/199.27.76.249 image/png
1467029267.044    303 10.192.0.12 TAG_NONE/200 0 CONNECT
54.231.161.8:443 - ORIGINAL_DST/54.231.161.8 -
1467029267.231    170 10.192.0.12 TCP_MISS/200 11994 GET
https://s3-us-west-2.amazonaws.com/slack-files2/beacons/boomerang1/image-0.png? 

- ORIGINAL_DST/54.231.161.8 image/png
1467029267.482    145 10.192.0.12 TAG_NONE/200 0 CONNECT
54.172.232.15:443 - ORIGINAL_DST/54.172.232.15 -
1467029267.563     63 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
https://mpmulti-y6oq.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
- ORIGINAL_DST/54.172.232.15 -
1467029267.771    167 10.192.0.12 TAG_NONE/200 0 CONNECT
52.91.147.164:443 - ORIGINAL_DST/52.91.147.164 -
1467029267.891    110 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
https://mpmulti-f4bz.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
- ORIGINAL_DST/52.91.147.164 -
1467029268.106    153 10.192.0.12 TAG_NONE/200 0 CONNECT
52.23.253.30:443 - ORIGINAL_DST/52.23.253.30 -
1467029268.194     79 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
https://mpmulti-zdjz.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
- ORIGINAL_DST/52.23.253.30 -
1467029268.449    160 10.192.0.12 TAG_NONE/200 0 CONNECT
52.201.253.102:443 - ORIGINAL_DST/52.201.253.102 -
1467029268.567    110 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
https://mpmulti-2pbf.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
- ORIGINAL_DST/52.201.253.102 -
1467029268.764    149 10.192.0.12 TAG_NONE/200 0 CONNECT
52.91.121.224:443 - ORIGINAL_DST/52.91.121.224 -
1467029268.845     74 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
https://mpmulti-x1if.slack-msgs.com/websocket/_CONNECTION_TEST_TOKEN_
- ORIGINAL_DST/52.91.121.224 -
1467029268.967    108 10.192.0.12 TCP_MISS/200 516 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029269.169    187 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029269.285    101 10.192.0.12 TCP_MISS/200 516 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029269.467    167 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029269.643    160 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029269.824    165 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029270.004    164 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029270.186    165 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029270.295     94 10.192.0.12 TCP_MISS/200 516 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029270.489    173 10.192.0.12 TCP_MISS/200 517 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-l.gif? -
ORIGINAL_DST/199.27.76.249 image/gif
1467029270.656    151 10.192.0.12 TCP_MISS_ABORTED/000 0 GET
https://slack.global.ssl.fastly.net/beacons/boomerang1/image-0.png? -
ORIGINAL_DST/199.27.76.249 -
1467029273.699     57 10.192.0.12 TCP_MISS/200 951 GET
http://lyncdiscover.todyl.com/? - ORIGINAL_DST/131.253.163.205
application/vnd.microsoft.rtc.autodiscover+xml
1467029273.713     72 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.163.205:443 - ORIGINAL_DST/131.253.163.205 -
1467029273.797     73 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029273.874     70 10.192.0.12 TCP_MISS/200 1453 GET
https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root? 

- ORIGINAL_DST/131.253.161.142
application/vnd.microsoft.rtc.autodiscover+xml
1467029273.952     74 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029273.985     25 10.192.0.12 TCP_MISS/401 2206 GET
https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user? 

- ORIGINAL_DST/131.253.161.142 text/html
1467029274.077     76 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029274.217    132 10.192.0.12 TCP_MISS/200 18842 POST
https://webdir2a.online.lync.com/WebTicket/WebTicketService.svc/mex -
ORIGINAL_DST/131.253.161.142 application/soap+xml
1467029274.430    152 10.192.0.12 TAG_NONE/200 0 CONNECT
23.96.208.238:443 - ORIGINAL_DST/23.96.208.238 -
1467029274.631    180 10.192.0.12 TCP_MISS/200 16835 POST
https://login.microsoftonline.com/RST2.srf -
ORIGINAL_DST/23.96.208.238 application/soap+xml
1467029274.720     75 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029274.858    131 10.192.0.12 TCP_MISS/200 6107 POST
https://webdir2a.online.lync.com/WebTicket/WebTicketAdvancedService.svc/WsFed_bearer 

- ORIGINAL_DST/131.253.161.142 text/xml
1467029274.936     73 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029274.998     55 10.192.0.12 TCP_MISS/200 2507 GET
https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user? 

- ORIGINAL_DST/131.253.161.142
application/vnd.microsoft.rtc.autodiscover+xml
1467029275.099     72 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.139:443 - ORIGINAL_DST/131.253.161.139 -
1467029275.216     70 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.147:443 - ORIGINAL_DST/131.253.161.147 -
1467029275.524    107 10.192.0.12 TAG_NONE/200 0 CONNECT
134.170.113.218:443 - ORIGINAL_DST/134.170.113.218 -
1467029279.731     24 10.192.0.12 TCP_MISS/200 951 GET
http://lyncdiscover.todyl.com/? - ORIGINAL_DST/131.253.163.205
application/vnd.microsoft.rtc.autodiscover+xml
1467029279.778     71 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.163.205:443 - ORIGINAL_DST/131.253.163.205 -
1467029279.814     76 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029279.847     27 10.192.0.12 TCP_MISS/200 1453 GET
https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root? 

- ORIGINAL_DST/131.253.161.142
application/vnd.microsoft.rtc.autodiscover+xml
1467029279.922     70 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029279.952     24 10.192.0.12 TCP_MISS/401 2206 GET
https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user? 

- ORIGINAL_DST/131.253.161.142 text/html
1467029280.032     73 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.142:443 - ORIGINAL_DST/131.253.161.142 -
1467029280.092     54 10.192.0.12 TCP_MISS/200 2507 GET
https://webdir2a.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user? 

- ORIGINAL_DST/131.253.161.142
application/vnd.microsoft.rtc.autodiscover+xml
1467029280.180     73 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.139:443 - ORIGINAL_DST/131.253.161.139 -
1467029280.270     73 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.161.147:443 - ORIGINAL_DST/131.253.161.147 -
1467029280.396    107 10.192.0.12 TAG_NONE/200 0 CONNECT
134.170.113.218:443 - ORIGINAL_DST/134.170.113.218 -
1467029287.555     75 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029287.673     92 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029287.681     41 10.192.0.12 TCP_MISS/200 607 GET
http://login.live.com/ppcrlcheck.srf - ORIGINAL_DST/131.253.61.68
text/html
1467029287.729     41 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029287.784     46 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029287.801     92 10.192.0.12 TAG_NONE/200 0 CONNECT
131.253.61.68:443 - ORIGINAL_DST/131.253.61.68 -
1467029287.859     61 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029287.926     52 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029287.964    134 10.192.0.12 TCP_MISS/200 10828 POST
https://login.live.com/RST2.srf - ORIGINAL_DST/131.253.61.68
application/soap+xml
1467029287.998     56 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029288.051     40 10.192.0.12 TAG_NONE/200 0 CONNECT
157.55.133.204:443 - ORIGINAL_DST/157.55.133.204 -
1467029288.204     46 10.192.0.12 TCP_MISS/302 538 GET
http://go.microsoft.com/fwlink/? - ORIGINAL_DST/23.66.120.244 -
1467029288.389    147 10.192.0.12 TCP_MISS/302 1786 GET
http://www.microsoft.com/security/encyclopedia/adlpackages.aspx? -
ORIGINAL_DST/23.203.90.59 text/html
1467029288.422     48 10.192.0.12 TAG_NONE/200 0 CONNECT
13.90.208.215:443 - ORIGINAL_DST/13.90.208.215 -
1467029288.882    311 10.192.0.12 TAG_NONE/200 0 CONNECT
104.41.32.78:443 - ORIGINAL_DST/104.41.32.78 -

Any Help ????
Finally. Where is you specify following parameters in squid.conf:

sslproxy_cafile /usr/local/squid/etc/ca-bundle.crt
sslproxy_foreign_intermediate_certs 
/usr/local/squid/etc/intermediate_ca.pem

???

*
*

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://lists.squid-cache.org/pipermail/squid-users/attachments/20160628/91929761/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

------------------------------

End of squid-users Digest, Vol 22, Issue 136
********************************************

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users