On 08/31/2016 09:15 AM, Amos Jeffries wrote: > On 1/09/2016 2:26 a.m., erdosain9 wrote: >> Hi. >> Im using ssl-bump.. all ir working fine, but i want to know if it is >> possible that which is not seen crossed out and red "https". >> This happen just in Chrome >> This page is insecure (broken HTTPS) >> SHA-1 Certificate >> The certificate for this site expires in 2017 or later, and the certificate >> chain contains a certificate signed using SHA-1. Sounds like you are running an old Squid version. > This requires changes to the certificate generator used by SSL-Bump. > IIRC there were some patches, but I can't find them right now in the > changesets. If the issue exists in current releases then please ask on > squid-dev. See http://www.squid-cache.org/Doc/config/sslproxy_cert_sign_hash/ > Of course, its possible the site realy does have a SHA1 certificate and > Squid is just passing on the real details. The mimic feature is designed > to ensure TLS is actually transparent as best we can manage. I have not checked, but I doubt we mimic the signing algorithm (because it would make client-Squid communication less secure?). If we do, we should update the wiki page that lists what is being mimicked. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
