[squid-users] Splice using SubjectCN/SAN from remote server certificate

Ahmad, Sarfaraz Sarfaraz.Ahmad at deshaw.com
Tue Jun 26 05:42:13 UTC 2018

I realize that unlike other proprietary MITM appliances, Squid doesn't fiddle with the original client hello.
I think this magnifies into the fact that we cannot look at the SubjectCN/SAN in the remote server certificate and then decide whether we want to splice or bump. (peeking at step 2 really restricts our options)
Is my understanding correct ? Or is there a way to accomplish this ?

Best Regards,

More information about the squid-users mailing list