[squid-users] Issue with SSL_BUMP and Office365 (for one...)
Amos Jeffries
squid3 at treenet.co.nz
Wed Jun 10 17:47:28 UTC 2020
On 8/06/20 5:53 am, J. Dierkse wrote:>
> I think I found the culprit; I’m exclusively using peer routing, and the knowledgebase mentions that this is disabled when host forgery is detected.
> I understand the reasoning behind disabling this, but it renders my setup pointless for SSL connections.
> Perhaps anyone has any brilliant ideas to do peer routing with Squid with (sorry to say) misbehaving CDN DNS servers..?
This is <https://bugs.squid-cache.org/show_bug.cgi?id=4940>.
There is no easy fix. A number of design problems need to be resolved
before there is a chance at avoiding this safely.
Amos
More information about the squid-users
mailing list