Aaron Turner wrote > Thanks Yuri. That helps. As for the "sslproxy_flags > DONT_VERIFY_PEER", yes I understand the risks. In my specific case, > where my "users" are actually a bunch of automated web clients doing > some web crawling it's the right thing to do. > -- > Aaron Turner I tried using bump all myself with actual human beings (200+) using browsers ranging from Mozilla Firefox, Seamonkey, Chrome, to Safari and Opera. I don't know why I had to face it, but with bump all I got many errors with many websites. It only worked with me like this: http_port 3128 ssl-bump cert=/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=999MB sslcrtd_children 100 ssl_bump none BadSSL ssl_bump server-first all Like you see, I'm using server-first word in place of bump word. This is the only way I got it to work with natural human browsing. I also could not use intercept mode, because every major browser considers it a crime to let it go! They would just spit all sorts of errors at user's face and have you clean the spitting up :D :D Of course, BadSSL above is the ACL for all sites using the new fiasco of hardcoded certificates (certificate-pinning), otherwise, they don't pass at all! -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
