[squid-users] [EXTERNAL] Re: Ubuntu 18 with Squid 4.11 SSL_BUMP
squid3 at treenet.co.nz
Wed Apr 29 21:50:14 UTC 2020
On 30/04/20 9:11 am, Anthony Mead wrote:
> Hmm, if there were more logs I'd share them! Any reason why I'd only see an access.log line?
> I promise if I curl https://google.com this is the only line I see:
> 1588193897.852 20 10.0.1.180 TCP_TUNNEL_ABORTED/200 5103 CONNECT 18.104.22.168:443 - ORIGINAL_DST/22.214.171.124 -
> Or curl https://youtube.com :
> 1588194262.880 32 10.0.1.180 TCP_TUNNEL/200 4824 CONNECT 126.96.36.199:443 - ORIGINAL_DST/188.8.131.52 -
> Or curl https://github.com/:
> 1588194657.291 45 10.0.1.180 TCP_TUNNEL/200 107344 CONNECT 184.108.40.206:443 - ORIGINAL_DST/220.127.116.11 -

Hm. There should at least be a second line showing what server name was
sent in the peek'd SNI or server cert.

The first looks like it reached "terminate all" at step3 of the bumping.

The last looks like it was spliced (by the data size transferred). But
that definitely requires the server name to happen.
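
The check described in the reply, as an added example that is not part of the original post or of Squid itself: it parses the quoted lines in Squid's default access.log layout and reports intercepted CONNECT entries (IP-literal target) that have no accompanying CONNECT line naming a server. The function names and the 5-second correlation window are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple

# The three access.log lines quoted in the message above.
QUOTED_LOG = """\
1588193897.852 20 10.0.1.180 TCP_TUNNEL_ABORTED/200 5103 CONNECT 18.104.22.168:443 - ORIGINAL_DST/22.214.171.124 -
1588194262.880 32 10.0.1.180 TCP_TUNNEL/200 4824 CONNECT 126.96.36.199:443 - ORIGINAL_DST/188.8.131.52 -
1588194657.291 45 10.0.1.180 TCP_TUNNEL/200 107344 CONNECT 184.108.40.206:443 - ORIGINAL_DST/220.127.116.11 -
"""

Entry = namedtuple("Entry", "ts client result size method target")

def parse_line(line):
    """Parse one line of Squid's default access.log layout; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        return Entry(float(f[0]), f[2], f[3].split("/")[0], int(f[4]), f[5], f[6])
    except ValueError:
        return None

def target_is_ip(target):
    """True when the CONNECT target is an IP literal rather than a server name."""
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def connects_without_server_name(log_text, window=5.0):
    """Return IP-target CONNECT entries with no named CONNECT line from the
    same client within `window` seconds (the window is an assumption)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    connects = [e for e in entries if e.method == "CONNECT"]
    named = [e for e in connects if not target_is_ip(e.target)]
    return [e for e in connects if target_is_ip(e.target) and not any(
        n.client == e.client and abs(n.ts - e.ts) <= window for n in named)]

if __name__ == "__main__":
    for e in connects_without_server_name(QUOTED_LOG):
        print(f"{e.ts:.3f} {e.client} {e.result} {e.target} {e.size} bytes: no server-name line")
```

Run against the quoted lines, all three CONNECT entries are reported, which matches the observation that no server-name line was logged for any of them.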