[squid-users] ALPN, HTTP/2 and sslbump
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 3 23:47:53 UTC 2018
On 04/01/18 12:37, Alex Rousskov wrote:
> On 01/03/2018 03:30 PM, brianbergstrom wrote:
>
>> If I understand the docs and this thread correctly, Squid should be removing
>> h2 from the ALPN in the Client Hello since Squid does not support it.
>
> Please note that Squid cannot remove something when using "peek" and
> "splice" actions.
>
> I do not know whether Squid removes unsupported ALPN values when using
> "stare" and "bump" actions, and I would not be surprised to learn that
> Squid does not police those values at all (yet),
It does *unless* peeking at the server handshake:
<https://github.com/squid-cache/squid/blob/v3.5/src/ssl/bio.cc#L1261>.
Amos
More information about the squid-users
mailing list