[squid-users] Squid modification to only read client SNI without bumping.
His Shadow
shadowpilot34 at gmail.com
Tue Jun 8 13:31:21 UTC 2021
Could you direct me to those scripts? Also, am I understanding
correctly that in this mode:
    acl blocklist dstdomain ...
    ssl_bump peek all
    ssl_bump splice blocklist
    ssl_bump terminate all
I will only need certs to display an error page from Squid via SSL,
but unblocked domains should be just fine?
I think it should be
    ssl_bump splice !blocklist
Since blocklist is the list of domains that need blocking, we
don't need to splice them. Oh, and one more thing, wouldn't dstdomain
match something that was sent in the CONNECT request itself, instead
of the SNI in the client hello if it is present?
--
HisShadow