<p dir="ltr">Hi Amos,</p>
<p dir="ltr">My client is sending sni. I have checked this. Squid only generates SNI fake connect at step2 if sslbump action is splice. For all other ssl bump actions it does not generate fake connect with sni. <br>
Is this a bug or limitation in squid? Do you plan in future to change it?<br></p>
<p dir="ltr">Thanks <br>
Jatin </p>
<div class="gmail_quote">On 27 Oct 2015 1:52 am, "Amos Jeffries" <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 27/10/2015 1:34 a.m., Jatin Bhasin wrote:<br>
> Hello,<br>
><br>
> I am running squid 3.5.10 for bumping transparent SSL connections To<br>
> achieve this I am using following squid configuration for SSL Bumping.<br>
><br>
> acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"<br>
> ssl_bump peek step1 all<br>
> ssl_bump peek step2 nobumpSites<br>
> ssl_bump bump step3 nobumpSites<br>
> ssl_bump bump all<br>
><br>
><br>
> File "/etc/squid/allowed_SSL_sites.txt" contains <a href="http://www.facebook.com" rel="noreferrer" target="_blank">www.facebook.com</a>.<br>
><br>
> On reading documentation I understood that I should see a Fake CONNECT<br>
> request for Facebook.com IP address as below:<br>
><br>
> TAG_NONE/200 0 CONNECT <a href="http://17.151.224.13:443" rel="noreferrer" target="_blank">17.151.224.13:443</a> - ORIGINAL_DST/<a href="http://17.151.224.13" rel="noreferrer" target="_blank">17.151.224.13</a><br>
><br>
> And at Step2 there should be a Fake CONNECT request for SNI<br>
> information extracted.<br>
<br>
Only if SNI is actually sent by the client. It is not guaranteed to be sent.<br>
<br>
Amos<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>