[squid-users] Squid SNI at Step 2

Amos Jeffries squid3 at treenet.co.nz
Mon Oct 26 14:50:49 UTC 2015

On 27/10/2015 1:34 a.m., Jatin Bhasin wrote:
> Hello,
> I am running squid 3.5.10 for bumping transparent SSL connections To
> achieve this I am using following squid configuration for SSL Bumping.
> acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
> ssl_bump peek step1 all
> ssl_bump peek step2 nobumpSites
> ssl_bump bump step3 nobumpSites
> ssl_bump bump all
> File "/etc/squid/allowed_SSL_sites.txt" contains www.facebook.com.
> On reading documentation I understood that I should see a Fake CONNECT
> request for Facebook.com IP address as below:
> And at Step2 there should be a Fake CONNECT request for SNI
> information extracted.

Only if SNI is actually sent by the client. It is not guaranteed to be sent.


More information about the squid-users mailing list