[squid-users] ALPN, HTTP/2 and sslbump
Alex Rousskov
rousskov at measurement-factory.com
Wed Jan 3 23:37:24 UTC 2018
On 01/03/2018 03:30 PM, brianbergstrom wrote:

> If I understand the docs and this thread correctly, Squid should be removing
> h2 from the ALPN in the Client Hello since Squid does not support it.

Please note that Squid cannot remove something when using "peek" and
"splice" actions.

I do not know whether Squid removes unsupported ALPN values when using
"stare" and "bump" actions, and I would not be surprised to learn that
Squid does not police those values at all (yet), but I want to emphasize
that the combination of "removing" and "splicing" is impossible.

> ssl_bump peek step1
> ssl_bump peek step2 allowed_https_sites
> ssl_bump peek step2 allowed_https_ips
> ssl_bump splice step3 allowed_https_sites
> ssl_bump splice step3 allowed_https_ips
> ssl_bump terminate step2 all

HTH,
Alex.
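
Why removing and splicing cannot be combined, as an added example that is not part of the original message or of Squid's code: both TLS endpoints hash the exact ClientHello bytes into the handshake transcript that their Finished messages verify, so a hello altered in transit leaves a spliced client and server with different transcripts. The ClientHello is constructed, and `alpn_ext`, `client_hello`, `offered_alpn`, `strip_h2` and `transcript_hash` are hypothetical helper names.

```python
import hashlib
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation (RFC 7301)

def alpn_ext(protocols):
    """Encode an ALPN extension: type, length, length-prefixed ProtocolNameList."""
    names = b"".join(bytes([len(p)]) + p for p in protocols)
    body = struct.pack("!H", len(names)) + names
    return struct.pack("!HH", ALPN_EXT, len(body)) + body

def client_hello(protocols):
    """Build a minimal, constructed ClientHello handshake message (not a capture)."""
    exts = alpn_ext(protocols)
    body = (b"\x03\x03" + bytes(32)       # legacy_version, random (constructed zeros)
            + b"\x00"                      # empty session_id
            + b"\x00\x02\x13\x01"          # one cipher suite
            + b"\x01\x00"                  # null compression only
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_alpn(hello):
    """Return the ALPN protocol names offered in a ClientHello handshake message."""
    if hello[0] != 1 or int.from_bytes(hello[1:4], "big") != len(hello) - 4:
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                                       # header, version, random
    pos += 1 + hello[pos]                                  # session_id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + hello[pos]                                  # compression_methods
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        data = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == ALPN_EXT:
            names, i = [], 2                               # skip the list length
            while i < len(data):
                names.append(data[i + 1:i + 1 + data[i]])
                i += 1 + data[i]
            return names
    return []

def strip_h2(hello):
    # What "removing h2" would mean; rebuilds only the constructed hello above.
    return client_hello([p for p in offered_alpn(hello) if p != b"h2"])

def transcript_hash(*messages):
    """SHA-256 over the concatenated handshake messages, as each endpoint computes."""
    return hashlib.sha256(b"".join(messages)).hexdigest()
```

The client hashes the hello it sent and the server hashes the hello it received; after `strip_h2` those digests differ, and a splicing proxy holds no keys with which to regenerate the Finished messages.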