[squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump

Alex Rousskov rousskov at measurement-factory.com
Mon Dec 7 15:02:59 UTC 2015

On 12/07/2015 04:37 AM, Ralf Hildebrandt wrote:
> * Alex Rousskov <rousskov at measurement-factory.com>:
>> Please note that if you do not want to bump anything, then the following
>> should also work (bugs notwithstanding):
>>     ssl_bump splice whitelist
>>     ssl_bump peek all
>>     ssl_bump terminate blacklist
>>     ssl_bump splice all
> That doesn't seem to work for me (squid 3.5.2)

> Yet I still can connect. What am I doing wrong?

If you are indeed using v3.5.2, then that is a big red flag.

If you are using the latest v3.5 release, then you should open a bug
report, preferably with an ALL,9 log depicting a single failing
transaction. AFAICT, the above is meant to work. If it does not, there
is either a Squid bug or misconfiguration [that I cannot detect by
reading email].

Thank you,

