[squid-users] SSL connction failed due to SNI after content redirection
Amos Jeffries
squid3 at treenet.co.nz
Wed Jul 22 12:21:31 UTC 2015
On 22/07/2015 12:44 p.m., Alex Wu wrote:
> it depends on how you set up squid, and where the connection is broken. The patch addessed the issue that occured using sslbump and content redirect together.
>
I'd like some clarification what the exact problem symptoms are please.
AFAIK, both redirect and re-write actions happen a relatively long time
*after* the bumping TLS handshakes to server are completed. Its far too
late to send the pre-handshake SNI data to the server.
I can see this change as affecting reverse-proxy / CDN configurations
with TLS on both connections. But you said this was SSL-bumping, and
reverse-proxy configurations already have a cache_peer option to set the
internal domain name without re-write/redirect.
Amos
More information about the squid-users
mailing list