[squid-users] ALPN, HTTP/2 and sslbump

Amos Jeffries squid3 at treenet.co.nz
Wed Jan 3 23:47:53 UTC 2018

On 04/01/18 12:37, Alex Rousskov wrote:
> On 01/03/2018 03:30 PM, brianbergstrom wrote:
>> If I understand the docs and this thread correctly, Squid should be removing
>> h2 from the ALPN in the Client Hello since Squid does not support it.
> Please note that Squid cannot remove something when using "peek" and
> "splice" actions.
> I do not know whether Squid removes unsupported ALPN values when using
> "stare" and "bump" actions, and I would not be surprised to learn that
> Squid does not police those values at all (yet),

It does *unless* peeking at the server handshake: 


More information about the squid-users mailing list