I have a default Debian Jessie (amd64) host, minimal install, which runs a linux kernel 4.3.5 form backports repo. I've installed on it an lxc container (template download, selected system is a debian jessie amd64), with NAT networking. Until this time everything was fine. In container I've installed an squid3 with default config. The only change was that I've allowed all local IPs to use the proxy (acl localnet ... etc), than set a port forward on host, to redirect tcp port 3128 into container's port 3128. O.K., it's working and I was happy until I've tried to access sucuri.net. Many more sites can access via proxy, except sucuri.net and some tumblr.com sites... The common thing: they are all accessible via https. (It's weird, beacause I can access many other sites via https without any problems)
I had no idea, I've intstalled an ubuntu (14.04) into a container, with a previous version of squid3. The result was the same: sometimes work, sometimes not.
Finally I'v installed squid with the same config onto the host and... it works without any failure.
Could you help me, why?