[squid-users] Correctly implementing peak-splice
Christos Tsantilas
christos at chtsanti.net
Mon Nov 3 10:24:45 UTC 2014
On 10/30/2014 02:06 PM, James Lay wrote:
> Hello all,
>
> Here is my complete config for trying out peek/splice. This currently
> does not work..is there something obvious that I'm mission? Current
> error is:
>
> Oct 30 06:03:14 gateway squid: 192.168.1.110 - - [30/Oct/2014:06:03:14
> -0600] "GET https://www.google.com/ HTTP/1.1" 503 3854
> TAG_NONE:HIER_NONE
>
> and on the page I get a 71 protocol error and a SSL3_WRITE_PENDING:bad
> write retry.
- You should use at_step acl to configure different bumping modes on
each bumping step.
- If you used "peek" mode on SslBump1 and SslBump2 steps then on
SslBump3 step you should use "splice". If you select "bump" the most
possible is that you got SSL connection errors.
The "peek" mode on SslBump3 step is interpreted as "bump" mode.
-if you selected peek mode on SslBump1 and SslBump2 steps, in most
cases, you can select only "terminate" or "splice" for SslBump3 step.
The following configuration should work:
# Bumping steps:
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
# Selecting bumping mode
ssl_bump peek step1 all
ssl_bump peek step2 all
ssl_bump splice step3 all
Regards,
Christos
More information about the squid-users
mailing list