"Does that error match the generated certificate sent by Squid to a blocked Chrome user? In other words, does that certificate have an invalid common name (CN) field? " No, is the same certificate. "I suggest comparing the following two certificates: * the certificate sent by Squid to a blocked FireFox user * the certificate sent by Squid to a blocked Chrome user " Is the same certificate. "I also suggest comparing the following access.log entries: * the line(s) corresponding to the blocked FireFox user request * the line(s) corresponding to the blocked Chrome user request " Line corresponding to blocked Chrome 1512493257.523 175 192.168.1.121 TCP_DENIED/200 0 CONNECT es-la.facebook.com:443 user@xxxxxxxxxx HIER_NONE/- - 1512493257.716 169 192.168.1.121 TCP_MISS/204 193 GET http://www.gstatic.com/generate_204 user@xxxxxxxxxx HIER_DIRECT/172.217.30.163 - Line corresponding to blocked Firefox 1512493386.314 43 192.168.1.121 TCP_DENIED/200 0 CONNECT es-la.facebook.com:443 user@xxxxxxxxxx HIER_NONE/- - 1512493386.317 0 192.168.1.121 TAG_NONE/403 6569 GET https://es-la.facebook.com/ user@xxxxxxxxxx HIER_NONE/- text/html 1512493386.370 173 192.168.1.121 TAG_NONE/200 0 CONNECT www.google.com.ar:443 user@xxxxxxxxxx HIER_DIRECT/216.58.222.163 - 1512493386.397 45 192.168.1.121 TCP_DENIED/200 0 CONNECT es-la.facebook.com:443 user@xxxxxxxxxx HIER_NONE/- - 1512493386.400 0 192.168.1.121 TAG_NONE/403 6561 GET http://squid.DOMAIN.lan:3128/squid-internal-static/icons/SN.png user@xxxxxxxxxx HIER_NONE/- text/html Is strange that from Firefox the "answer" is instantaneous, from chrome not. Thanks to all. -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
