[squid-users] Squid "bumping" traffic despite using "splice" directive
squid3 at treenet.co.nz
Thu Nov 12 23:47:51 UTC 2015
On 13/11/2015 8:12 a.m., Alex Rousskov wrote:
> On 11/12/2015 11:31 AM, Tom Mowbray wrote:
>> Here is the significant portion of our squid.conf:
>> acl sslallow ssl::server_name "/path/to/file"
>> ssl_bump peek all
>> ssl_bump splice sslallow
>> ssl_bump terminate all
>> Most of the sites in acl sslallow work as expected...but some sites come
>> back with a certificate error as described above, suggesting that they
>> were "bumped" using our mimicked certificate. This behavior also isn't
>> 100% reproducible...sometimes it works as expected, though it usually
>> does not.
I am wondering if this is all a misunderstanding of what happens when a
peek is being done at step2 / server cert details?
I think this ordering better matches the policy:
ssl_bump splice sslallow
ssl_bump peek all
ssl_bump terminate all
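
Added example, not part of the original message and not Squid code: a simplified Python model of first-match ssl_bump evaluation across the three SslBump steps, showing at which step each ordering above makes its final decision and which name the ACL is matched against. Assumptions: peek is only possible at steps 1 and 2, and ssl::server_name sees the client SNI at step 2 and the server certificate names at step 3; decide() and the *.example hosts are hypothetical.

```python
# Simplified model (an assumption, not Squid's implementation) of how an
# ssl_bump rule list is evaluated at each SslBump step.

# Actions that can be applied at each step; "peek" is impossible at step 3.
ALLOWED = {
    1: {"peek", "splice", "terminate"},
    2: {"peek", "splice", "terminate"},
    3: {"splice", "terminate"},
}

def decide(rules, allowlist, names_by_step):
    """Return (step, action) for the final decision on one connection.

    rules:         list of (action, acl), acl is "all" or "sslallow"
    allowlist:     set of names standing in for the sslallow file
    names_by_step: names visible to ssl::server_name at each step
                   (assumed: 2 = client SNI, 3 = server certificate)
    """
    for step in (1, 2, 3):
        seen = names_by_step.get(step, set())
        for action, acl in rules:
            if action not in ALLOWED[step]:
                continue  # rule skipped: action not possible at this step
            if acl == "all" or (seen & allowlist):
                break     # first applicable matching rule wins
        else:
            return step, "no-match"
        if action != "peek":
            return step, action  # splice and terminate are final
    return 3, "no-match"

ORIGINAL = [("peek", "all"), ("splice", "sslallow"), ("terminate", "all")]
SUGGESTED = [("splice", "sslallow"), ("peek", "all"), ("terminate", "all")]

# Constructed sample data.
ALLOW = {"allowed.example"}
MATCH = {1: set(), 2: {"allowed.example"}, 3: {"allowed.example"}}
# SNI is on the allow list, but the certificate names only another host.
MISMATCH = {1: set(), 2: {"allowed.example"}, 3: {"cdn.example"}}
UNLISTED = {1: set(), 2: {"other.example"}, 3: {"other.example"}}

if __name__ == "__main__":
    for label, conn in (("match", MATCH), ("mismatch", MISMATCH),
                        ("unlisted", UNLISTED)):
        print(label, "original:", decide(ORIGINAL, ALLOW, conn),
              "suggested:", decide(SUGGESTED, ALLOW, conn))
```

In this model the original ordering always defers the splice decision to step 3, where it depends on the certificate names, while the suggested ordering splices at step 2 as soon as the SNI is on the list.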