[squid-users] Very basic peek & splice

Amos Jeffries squid3 at treenet.co.nz
Thu Sep 27 09:45:45 UTC 2018

On 27/09/18 8:43 PM, Ralf Hildebrandt wrote:
> I recompiled my squid-5 with openssl and added
> ssl_bump peek all
> ssl_bump splice all
> to my squid.conf. What logging should I expect to verify it's actually
> working?

Depends on what you mean by 'working'.

Splicing will show up as access.log CONNECT messages to raw-IP on port
443 with 0ms duration and probably TCP_NONE status. Followed by CONNECT
from same client IP with either raw-IP or a domain, TCP_TUNNEL status
and non-0 duration.
 These pairs may only be identifiable by using the duration to find that
they started at identical time from the same client. The log entries
will be separated by that duration.

'working' can also mean detecting TLS errors and rejecting them. Which
shows up as https:// requests being bumped and denied with a 5xx error


More information about the squid-users mailing list