a decent way to speed up Facebook?

turgut kalfaoğlu <turgut@xxxxxxxxxxxxx> · Tue, 4 Sep 2018 19:44:43 +0300



    Hello there. I have a transparent squid at my home to speed up
      the browsing by caching stuff.  And it works well for HTTP.
     For HTTPS, I was only able to get it to "peek" and I'd like to
      able to bump the connections.

    
    I installed the server certificate on the client, but still, the
      browser (firefox) keeps complaining:
    Your connection is not secure

      The owner of www.facebook.com has configured their website
      improperly. To protect your information from being stolen, Firefox
      has not connected to this website.

      This site uses HTTP Strict Transport Security (HSTS) to specify
      that Firefox may only connect to it securely. As a result, it is
      not possible to add an exception for this certificate.

    
    Here is what I have:

    #

    # serverIsBank is a list of domains that are banks essentially. They
    seem more picky.

    #

    ssl_bump splice serverIsBank

    ssl_bump peek all

    # ssl_bump bump all    # this does not work, it gives the error
    above..

    
    https_port 3129 intercept ssl-bump \

            generate-host-certificates=on
    dynamic_cert_mem_cache_size=4MB \

            cert=/etc/squid/ssl_cert/tk2ca.pem
    key=/etc/squid/ssl_cert/tk2ca.pem \

           sslflags=NO_SESSION_REUSE

    tls_outgoing_options cafile=/etc/pki/tls/certs/ca-bundle.crt

    sslproxy_cert_adapt setCommonName ssl::certDomainMismatch

    sslproxy_cert_error allow all

    sslcrtd_program  /usr/lib64/squid/security_file_certgen  -s
    /var/lib/ssl_db -M $

    sslcrtd_children 50 startup=5 idle=5

    
    Thanks, -turgut
    

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users