[squid-users] using splice just to improve TLS SNI logging

Alex Rousskov rousskov at measurement-factory.com
Fri Dec 4 15:03:19 UTC 2015


On 12/03/2015 08:35 PM, Jason Haar wrote:

> Does going "splice" mode avoid all the potential SSL/TLS issues
> surrounding bump? i.e. it won't care about client certs, weird TLS
> extensions, etc? (i.e. other than availability, it shouldn't introduce a
> new way of failing?)

Obtaining SNI information requires parsing the TLS handshake, so you will be
partially exposed to the dangers of that experimental and changing code.
Splicing at step1 is safer but does not give you SNI.

Alex.
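
Added example, not part of the original message and not Squid's code: a minimal Python sketch of what "parsing the TLS handshake" to reach SNI involves, showing how many client-supplied length fields must be walked and bounds-checked before the server name is available. The names Reader, extract_sni and build_client_hello are hypothetical, the sample ClientHello is constructed, and the sketch assumes the whole ClientHello arrives in one TLS record.

```python
class Reader:
    """Bounds-checked cursor; any read past the end fails closed."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("length field exceeds available bytes")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def uint(self, size):
        return int.from_bytes(self.take(size), "big")
    def vector(self, len_size):
        return Reader(self.take(self.uint(len_size)))
    def left(self):
        return len(self.data) - self.pos

def extract_sni(record):
    """Return the SNI host name from a single-record ClientHello, else None."""
    r = Reader(record)
    if r.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    r.take(2)                      # record-layer version
    hs = r.vector(2)
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    body = hs.vector(3)
    body.take(2 + 32)              # client_version + random
    body.vector(1)                 # session_id
    body.vector(2)                 # cipher_suites
    body.vector(1)                 # compression_methods
    exts = body.vector(2) if body.left() else Reader(b"")
    while exts.left():
        ext_type, ext = exts.uint(2), exts.vector(2)
        if ext_type != 0:          # 0 = server_name; skip everything else
            continue
        names = ext.vector(2)
        while names.left():
            name_type, name = names.uint(1), names.vector(2)
            if name_type == 0:     # host_name
                return name.data.decode("ascii")
    return None

def build_client_hello(host):
    """Constructed sample input: minimal ClientHello with one SNI entry."""
    v = lambda size, b: len(b).to_bytes(size, "big") + b
    ext = b"\x00\x00" + v(2, v(2, b"\x00" + v(2, host.encode("ascii"))))
    body = b"\x03\x03" + bytes(32) + v(1, b"") + v(2, b"\x13\x01") + v(1, b"\x00") + v(2, ext)
    return b"\x16\x03\x01" + v(2, b"\x01" + v(3, body))
```

Every vector() call above consumes a length chosen by the client, which is why this step carries parsing risk that splicing at step1 does not.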


