[squid-users] Splice certain SNIs which served by the same IP
Eliezer Croitoru
ngtech1ltd at gmail.com
Tue Feb 22 19:45:28 UTC 2022
Just to mention that once Squid is not splicing the connection it would have
full control at the URL level.
I do not know the scenario but I have yet to see a similar case and
it's probably because I am bumping almost all connections.
Eliezer
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of
Amos Jeffries
Sent: Tuesday, February 22, 2022 16:32
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Splice certain SNIs which served by the same IP
On 23/02/22 01:05, Ben Goz wrote:
> By the help of God.
>
> If I'm using the self-signed certificate that I created for the ssl
> bump, then the browser considers it as the same certificate for any
> domain I'm connecting to?
>
The key thing to remember is that the TLS server certificate validates the
*server*, not the URL domain name.

HTTP/2 brings the feature of alternate server names. So once connected
and talking, a server can tell the client a bunch of other domains that
can be fetched from it.

Since you are using SSL-Bump "splice" to set up the connection Squid has
no control or interaction over what the server and client tell each
other within that connection.

HTH
Amos
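
An added illustration, not part of the original thread: a small model of the HTTP/2 connection-reuse rule (RFC 7540 section 9.1.1, plus the RFC 8336 ORIGIN frame) that lists which other hosts a client could fetch inside a tunnel the proxy spliced on a single SNI. All host names, addresses and certificate contents are constructed, and the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

def san_matches(pattern: str, host: str) -> bool:
    """Certificate name match: exact, or '*.' covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return pattern == host

@dataclass
class SplicedTunnel:
    sni: str          # the only name the proxy sees when it decides to splice
    server_ip: str
    cert_sans: list   # subjectAltName entries of the server certificate
    origin_set: set = field(default_factory=set)  # names announced via ORIGIN

def client_may_reuse(tunnel, host, dns):
    """The certificate must cover the host, and the host must either resolve
    to the connected IP or have been announced by the server."""
    covered = any(san_matches(p, host) for p in tunnel.cert_sans)
    same_ip = tunnel.server_ip in dns.get(host, ())
    return covered and (same_ip or host in tunnel.origin_set)

def hosts_hidden_from_proxy(tunnel, candidates, dns):
    """Hosts other than the SNI that can be requested inside the spliced tunnel."""
    return sorted(h for h in candidates
                  if h != tunnel.sni and client_may_reuse(tunnel, h, dns))

# Constructed sample: one server at one IP, one certificate for several names.
SAMPLE_TUNNEL = SplicedTunnel(
    sni="allowed.example",
    server_ip="192.0.2.10",
    cert_sans=["allowed.example", "blocked.example", "*.cdn.example"],
    origin_set={"img.cdn.example"},
)
SAMPLE_DNS = {
    "allowed.example": ["192.0.2.10"],
    "blocked.example": ["192.0.2.10"],   # same IP, covered by the certificate
    "img.cdn.example": ["192.0.2.11"],   # other IP, but announced by the server
    "other.example": ["192.0.2.10"],     # same IP, not in the certificate
}

if __name__ == "__main__":
    # Candidates are the keys of the constructed DNS table.
    print(hosts_hidden_from_proxy(SAMPLE_TUNNEL, SAMPLE_DNS, SAMPLE_DNS))
```

Running the same check against the SAN list of a real certificate shows which names an SNI-based splice rule effectively lets through together with the intended one.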