Just to rewind this conversation to the actual problem ...

On 24/08/2016 11:42 p.m., Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
>> Unfortunately it's not Squid that's the challenge - it's the browser.
>>
>> If you're using Firefox and/or Chrome, you should be okay.
>>
>> See "Encrypted browser-Squid connection" at the bottom of
>> http://wiki.squid-cache.org/Features/HTTPS
>>
>>
>> Antony.
>>
> I have seen that, it is the cause of my subscription to this list.
> I haven't been able to find any usable hints.
> My config attempt fails
> <snip>
>
> https_port 8443 \
> cert=/etc/letsencrypt/live/sklad.duckdns.org/cert.pem \
> key=/etc/letsencrypt/live/sklad.duckdns.org/key.pem \
> cleintca=/etc/letsencrypt/live/sklad.duckdns.org/fullchain.pem \
> tls-dh=/etc/ssl/certs/dhparam.pem \
> sslproxy_options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE \
> cipher=HIGH

As Dio mentioned, the cleintca= (or rather clientca=) is for
authenticating client certificates. Don't use that unless you are
requiring client certs in TLS.

The rest of your config looks reasonable to me. I suspect you have found
a bug introduced during all the SSL-Bump code changes.

Please make a bugzilla report and include your exact Squid version
(found with the 'squid -v' command), the https_port line(s) and the
exact error message produced on startup.

Amos