Hello Eliezer, Please be sure to clean up the mimicked cert storage of Squid after changing the Root CA for sslbump (if you use one). Best regards, Rafael Diladele B.V. -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of ngtech1ltd@xxxxxxxxx Sent: Wednesday, June 28, 2023 6:03 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: HSTS in browsers summary, help wanted. Hey Everyone, I am testing Squid 5.9 and 6.0.3 now and I am trying to understand what might go wrong in the client side with SSL Bump. I have a nice setup which works with a mysql DB and it can be recreated with vagrant in a very simple manner on-top of all EL8 based Distros. (Alma, Rocky, CentOS, Oracle, RHEL, Fedora). There are a set of helpers which runs in the background and do the heavy lifting to make the setup more dynamic. Since I am using an existing DESKTOP there is HSTS history in the browsers: - Edge - Chrome - Firefox I have added the Root CA certificate to both Windows trusted root ca's store and into firefox certificates store. For many sites like bing... the HSTS warning is popping out. In edge I can disable HSTS but I don't know how to clean the HSTS cache in Edge and in other browsers. Any help would be usefull. Thanks, Eliezer * I will post later on the Vagrant sources. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
