[squid-users] Some questions about ssl_bump.
Bruce Markey
bmarkey at gmail.com
Tue Nov 17 21:25:59 UTC 2015
Amos,
Looking at the squid docs for peek and splice (
http://wiki.squid-cache.org/Features/SslPeekAndSplice ).
# Do no harm:# Splice indeterminate traffic.ssl_bump splice
serverIsBankssl_bump bump haveServerNamessl_bump peek allssl_bump
splice all
So my understanding of this.
splice just passes through.
then we bump everything else ?
then peek
and finally splice all?
Must you bump before peek? I assume so but I'm not sure.
On Tue, Nov 17, 2015 at 3:33 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 18/11/2015 9:24 a.m., Bruce Markey wrote:
> > Amos,
> >
> > I knew something wasn't right.
> >
> > Ok then I'm going to start there. I had a heck of a time getting
> > squidguard to even work due to its reliance on old berkely db packages,
> I'd
> > be happy to see it go.
> >
> > So that being said. I'm going to lose squidguard. Upgrade squid to 3.5.
> >
> > I haven't even looked at the 3.5 stuff. How big of a config change am I
> > looking at? That being said, upgrade or start fresh?
>
> For the ssl_bump lines yes. They operate very differently, with a bit of
> a learning curve around the recursive/repeated ssl_bump processing.
>
> The rest of the config change should be smooth if it was working well
> with 3.3. "squid -k parse" can highlight the differences there.
>
> >
> > Thanks again. This is the first definitive answer I've gotten!.
> >
>
> Welcome.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151117/90633bbb/attachment.html>
More information about the squid-users
mailing list