On 16/05/17 19:54, Vieri wrote:
Which "other configuration aspects are wrong", as you say? Are you referring to "sslproxy_cert_error allow all" or are there more?
The "always_direct allow all" is wrong; you do not have cache_peer, and if you did, why would you prohibit using any of them for *all* traffic?
That "sslproxy_cert_error allow all" is the default, so useless to configure - but not exactly wrong, just a waste of CPU and memory setting up ACLs only to do nothing.
On a similar topic, many of the request_header_access rules are checking for non-request headers (e.g. Title, WWW-Authenticate) or headers which are not relayed (e.g. all the Proxy-* ones).
# squid -version
Squid Cache: Version 3.5.14
On 16/05/17 05:25, Alex Rousskov wrote:
(and use the latest v3.5 or later if you are doing SslBump, regardless of what your OS packages for you).
The current release is 3.5.25 or 4.0.19. A lot has changed in the last year in terms of both TLS practices and how SSL-Bump works to fit with those.
Amos
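A small lint for two of the points raised in this reply, as an added example that is not part of the original message or of Squid itself: it flags request_header_access rules that name headers the reply calls non-request or not relayed, and always_direct rules in a config with no cache_peer. The function name, header sets and sample config are constructed for illustration.

```python
# Added example: lint a squid.conf for the issues named in the reply.
# The header sets below are assumptions taken from the reply's examples.
NON_REQUEST_HEADERS = {"title", "www-authenticate"}
NOT_RELAYED_PREFIX = "proxy-"

def lint_squid_conf(text):
    """Return sorted (line_number, message) findings."""
    findings, always_direct, has_cache_peer = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        directive = tokens[0]
        if directive == "cache_peer":
            has_cache_peer = True
        elif directive == "always_direct":
            always_direct.append(no)
        elif directive == "request_header_access" and len(tokens) > 1:
            header = tokens[1].lower()
            if header in NON_REQUEST_HEADERS:
                findings.append((no, f"{tokens[1]} is not a request header"))
            elif header.startswith(NOT_RELAYED_PREFIX):
                findings.append((no, f"{tokens[1]} is not relayed"))
    if not has_cache_peer:
        # With no peers configured there is nothing for always_direct to bypass.
        findings += [(no, "always_direct without any cache_peer") for no in always_direct]
    return sorted(findings)

# Constructed sample config, not taken from the thread.
SAMPLE = """\
# constructed squid.conf fragment
http_port 3128
always_direct allow all
request_header_access Title deny all
request_header_access WWW-Authenticate deny all
request_header_access Proxy-Connection deny all
request_header_access User-Agent deny all
"""

if __name__ == "__main__":
    for no, msg in lint_squid_conf(SAMPLE):
        print(f"line {no}: {msg}")
```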