[squid-users] SSL Bump matching Subject Alternative Names

[Cohen-Rose, Adam]

We¹re trying to use SSL bump to splice traffic from a CDN (cdn.teads.tv)

The CDN server certificate uses Subject Alternative Names in its
certificate to identify the cdn.teads.tv domain rather than the Common
Name (which is set to aka.proceau.net).

Can we use SSL bump to splice requests to cdn.teads.tv or do we need to
use the CN domain to identify the CDN?


We¹d like to terminate other connections so our current SSL Bump config is:

acl tcp_level at_step SslBump1
acl client_hello_peeked at_step SslBump2
ssl_bump peek tcp_level all

acl to_teads_tv_ssl ssl::server_name cdn.teads.tv

ssl_bump splice client_hello_peeked to_teads_tv_ssl

ssl_bump terminate all


Thanks for your help!

Adam

Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky plc and Sky International AG and are used under licence. Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of Sky plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.