SQUID_TLS_ERROR_ACCEPT
-
Hello, I have this problem. It prevents my users from browsing, at least momentarily. Sometimes I have to delete the cache to be able to solve it, but after a short time the error returns.
Does anyone know what causes this error or how to solve it?
-
@cavouto try with the cache disabled. Nowadays it is not worth it, as most sites are HTTPS. Regards.
-
@cavouto I have been seeing this in 6.6 and 6.7 also. I did not see it in version 5.8. I also use SSL intercept with cache and ClamAV. Someone is probably going to chime in and tell you "remove the package, it's not supported anymore."
I am personally just going to use the old pfSense version until Squid is fixed, and if it doesn't get fixed, go to OPNsense. Palo Alto and many other firewall vendors do SSL intercept; even OPNsense has the updated Squid working. I wish I could help with the package, but I still need to take a C class first.
It has to be a simple fix in the code.
-
@JonathanLee you mention you are in school on other posts. Strongly recommend you explore and learn Palo Alto if you have the ability to do so.
-
@michmoor I have already done a full semester of firewalls, and Palo Alto was a lot of it. There has got to be a simple setting with this, like enabling the loopback or something, to fix this. The status page URL also changed in 6.6; it was a simple change in Squid.
-
@michmoor Don't you work with Google? Palo Alto AppID is amazing. They also had databases for social media platforms like this: "approve Facebook base", and it would allow it or block it. I have a feature request open for an Android and iPhone based auto database, based on what each vendor has listed on the website for enterprise use. So it would be as easy as a radio button to auto splice and approve in Squid. Not much movement. I wanted it like the Palo Alto ones, but they don't specify smartphone platforms etc. The database stuff is lacking on Squid; outside of blacklists there is not really an approve list and/or virtualization fingerprinting.
-
@cavouto have you created a new, non-RSA certificate yet? I needed one that is ECDSA with prime256v sha256 and not RSA anymore; that solved my errors.
The error is gone when this cert is used :)