[squid-users] cant bump ssl
Amos Jeffries
squid3 at treenet.co.nz
Tue Dec 15 21:57:44 UTC 2015
On 16/12/2015 9:17 a.m., Alex Rousskov wrote:
> On 12/15/2015 12:46 PM, HackXBack wrote:
>> why i cant bump ssl conection with android
>> my squid conf is
>
>> ssl_bump bump ssl_step2 SNIGroup5
>> ssl_bump splice all
>
>
> In modern Squids, your configuration above is equivalent to:
>
> ssl_bump splice all
>
> because, during the very first SslBump processing step (step1), your
> bump rule never matches while your splice rule always does. Once the
> final rule (bump, splice, or terminate) matches, Squid performs the
> matched action and stops further SslBump rules processing.
Um, I dont think so. There is a "peek step1" hiding a few lines above that.
So it should be peek at step 1, bump or splice at step 2.
HackXBack:
you mention TAG_NONE. That means bump did start happening. Splice or
nothing at all would be TCP_TUNNEL in the log.
This is sounding just like the Solaris timeout issues Yuri was having
before we fixed /dev/poll in 3.5.11. We continue to find and fix issues
with bumping though, so 3.5.12 is needed.
Amos
More information about the squid-users
mailing list