[squid-users] Squid "bumping" traffic despite using "splice" directive

Amos Jeffries squid3 at treenet.co.nz
Thu Nov 12 23:47:51 UTC 2015

On 13/11/2015 8:12 a.m., Alex Rousskov wrote:
> On 11/12/2015 11:31 AM, Tom Mowbray wrote:
>> Here is the significant portion of our squid.conf:
>> acl sslallow ssl::server_name "/path/to/file"
>> ssl_bump peek all
>> ssl_bump splice sslallow
>> ssl_bump terminate all
>> Most of the sites in acl sslallow work as expected...but some sites come
>> back with a certificate error as described above, suggesting that they
>> were "bumped" using our mimicked certificate.  This behavior also isn't
>> 100% reproducible...sometimes it works as expected, though it usually
>> does not.

I am wondering if this is all a misunderstanding of what happens when a
peek is being done at step2 / server cert details ?

I think this ordering better matches the policy:

 ssl_bump splice sslallow
 ssl_bump peek all
 ssl_bump terminate all


More information about the squid-users mailing list