[squid-users] cant bump ssl

Amos Jeffries squid3 at treenet.co.nz
Tue Dec 15 21:57:44 UTC 2015

On 16/12/2015 9:17 a.m., Alex Rousskov wrote:
> On 12/15/2015 12:46 PM, HackXBack wrote:
>> why i cant bump ssl conection with android 
>> my squid conf is
>> ssl_bump bump ssl_step2 SNIGroup5
>> ssl_bump splice all
> In modern Squids, your configuration above is equivalent to:
>   ssl_bump splice all
> because, during the very first SslBump processing step (step1), your
> bump rule never matches while your splice rule always does. Once the
> final rule (bump, splice, or terminate) matches, Squid performs the
> matched action and stops further SslBump rules processing.

Um, I dont think so. There is a "peek step1" hiding a few lines above that.

So it should be peek at step 1, bump or splice at step 2.

 you mention TAG_NONE. That means bump did start happening. Splice or
nothing at all would be TCP_TUNNEL in the log.

This is sounding just like the Solaris timeout issues Yuri was having
before we fixed /dev/poll in 3.5.11. We continue to find and fix issues
with bumping though, so 3.5.12 is needed.


More information about the squid-users mailing list