[squid-users] Squid SNI at Step 2
jbhasin83 at gmail.com
Mon Oct 26 12:34:41 UTC 2015
I am running squid 3.5.10 for bumping transparent SSL connections To
achieve this I am using following squid configuration for SSL Bumping.
acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
ssl_bump peek step1 all
ssl_bump peek step2 nobumpSites
ssl_bump bump step3 nobumpSites
ssl_bump bump all
File "/etc/squid/allowed_SSL_sites.txt" contains www.facebook.com.
On reading documentation I understood that I should see a Fake CONNECT
request for Facebook.com IP address as below:
TAG_NONE/200 0 CONNECT 220.127.116.11:443 - ORIGINAL_DST/18.104.22.168
And at Step2 there should be a Fake CONNECT request for SNI
information extracted. But I do not see this either in access.log or
in my ecap adapter.
Please could anyone suggest me how Fake Connect request with SNI
information of the HTTPS site.
More information about the squid-users