 41 
 on: Wednesday 25 July 2018, 10:23:47 pm 
Started by beto2p - Last post by beto2p
Adding the parameter "sslflags = NO_DEFAULT_CA" has solved the problem.
Memory consumption has stabilized.
Thank you very much.

The memory continues to increase because squid caches all the default CA certificates (there are ~600 default CAs).
On the squid forum they suggest adding the parameter "sslflags=NO_DEFAULT_CA" in order not to cache the CAs.
So, if you can, edit /etc/squid/squid.conf.tmpl and, where you see these lines

Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #end if


please add "sslflags=NO_DEFAULT_CA" like this:
Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #end if

then save the file and restart squid with "jobcontrol restart squid --force"


 42 
 on: Monday 23 July 2018, 05:39:04 pm 
Started by beto2p - Last post by Dark-Vex
The memory continues to increase because squid caches all the default CA certificates (there are ~600 default CAs).
On the squid forum they suggest adding the parameter "sslflags=NO_DEFAULT_CA" in order not to cache the CAs.
So, if you can, edit /etc/squid/squid.conf.tmpl and, where you see these lines

Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #end if


please add "sslflags=NO_DEFAULT_CA" like this:
Code:
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS sslflags=NO_DEFAULT_CA
      #end if

then save the file and restart squid with "jobcontrol restart squid --force"
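
One way to apply the template edit described in this post to every ssl-bump listener at once, as an added example that is not part of the original post or of Endian's own tooling. The function names `patch_tmpl` and `write_sample` are hypothetical, and the sample template is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not Endian's own tooling): append sslflags=NO_DEFAULT_CA to
# every ssl-bump listener in a squid.conf template, idempotently.
FLAG='sslflags=NO_DEFAULT_CA'

# patch_tmpl FILE: patch FILE in place and print how many lines were changed.
# Lines that already carry any sslflags= option are left untouched.
patch_tmpl() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    tmp=$(mktemp) || return 1
    changed=$(awk -v flag="$FLAG" -v out="$tmp" '
        /^[ \t]*https?_port[ \t]/ && /[ \t]ssl-bump([ \t]|$)/ && !/[ \t]sslflags=/ {
            sub(/[ \t]+$/, "")      # drop trailing blanks before appending
            $0 = $0 " " flag
            n++
        }
        { print > out }
        END { print n + 0 }
    ' "$f") || { rm -f "$tmp"; return 1; }
    if [ "$changed" -gt 0 ]; then
        [ -e "$f.orig" ] || cp -p "$f" "$f.orig"   # keep the first original
        cat "$tmp" > "$f"                          # preserves owner and mode
    fi
    rm -f "$tmp"
    echo "$changed"
}

# write_sample FILE: constructed excerpt modelled on the template lines above.
write_sample() {
    cat > "$1" <<'EOF'
    #if $HTTPS_MODE != 'disabled' and $HTTPS_CERT
http_port $ip_addr:$PROXY_PORT ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #if $transparent or $tproxy
http_port $ip_addr:18080 $intercept_kind
https_port $ip_addr:18081 $intercept_kind ssl-bump cert=$HTTPS_CERT generate-host-certificates=on cipher=$HTTPS_CIPHERS options=$HTTPS_OPTIONS
      #end if
EOF
}

# Demo on a scratch copy; on the firewall the target would be
# /etc/squid/squid.conf.tmpl, followed by the restart command from the post.
sample=$(mktemp)
write_sample "$sample"
echo "first run changed:  $(patch_tmpl "$sample")"
echo "second run changed: $(patch_tmpl "$sample")"
grep -n "$FLAG" "$sample"
rm -f "$sample" "$sample.orig"
```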

 43 
 on: Monday 23 July 2018, 05:17:38 pm 
Started by sagipael - Last post by Dark-Vex
try with:

curl -k https://mywebsite.tld

-k will accept all kinds of certificates

 44 
 on: Saturday 21 July 2018, 07:19:18 am 
Started by beto2p - Last post by beto2p
Hi, how many users do you have behind this system?

80 users.

I've upgraded the memory to 8GB, but it did not solve the problem.
Memory consumption continues to increase gradually until it reaches the limit.
I scheduled daily tasks in crontab to restart squid, but this is a temporary solution.

 45 
 on: Thursday 19 July 2018, 06:36:47 pm 
Started by sagipael - Last post by sagipael
Hi,

I have a VM of Endian 2.4.1 (I know it's an old version, but I have a lot of VMs on this version).

I tried to run a curl command against a specific website (from the EFW shell), but I received a security error:
"Verify return code: 20 (unable to get local issuer certificate)"

I tried to add the crt of the Trusted root CA to /etc/ssl/certs/ca-bundle.crt
but it's the same error.
I tried to force the use of the CA file with  curl -CAfile XXXX.crt
Same error.

I also found that I have the same issue with all the websites I tried to reach with curl.

(I do not have this issue with the newer version of EFW.)

Maybe someone can advise?

Maybe someone knows how to update the openssl version?

Thanks.
Sagi

 46 
 on: Tuesday 17 July 2018, 07:37:55 pm 
Started by wart101 - Last post by wart101
If you have an RJ-11 on the wall, most probably your internet connection is an xDSL connection and you need an xDSL router

Yup, I think they are just two different technologies. I thought maybe there was a chance that you could somehow connect directly to the Endian firewall. I'll have to run it through a router first, then the Endian, it seems.

Thanks for the reply

 47 
 on: Monday 16 July 2018, 06:40:36 pm 
Started by wart101 - Last post by Dark-Vex
If you have an RJ-11 on the wall, most probably your internet connection is an xDSL connection and you need an xDSL router

 48 
 on: Monday 16 July 2018, 06:37:58 pm 
Started by wgd - Last post by Dark-Vex
In the POP3 Proxy settings, is the option "Intercept SSL/TLS encrypted connections" enabled or disabled?

 49 
 on: Monday 16 July 2018, 06:34:29 pm 
Started by beto2p - Last post by Dark-Vex
Hi, how many users do you have behind this system?

 50 
 on: Sunday 15 July 2018, 02:15:08 pm 
Started by wart101 - Last post by wart101
Having trouble getting a connection to my red zone. The outlet from my wall is RJ11 and obviously the network card is RJ45. I have an RJ11 to RJ45 cable but it doesn't register the connection. Please help.
