<div dir="ltr"><div><br></div>Amos,<div><br></div><div>Looking at the squid docs for peek and splice ( <a href="http://wiki.squid-cache.org/Features/SslPeekAndSplice">http://wiki.squid-cache.org/Features/SslPeekAndSplice</a> ).  </div><div><br></div><div><pre style="padding:0.5em;font-family:courier,monospace;border:1pt solid rgb(192,192,192);white-space:pre-wrap;word-wrap:break-word;color:rgb(0,0,0);font-size:13.6px;line-height:17px;background:rgb(240,236,230)"># Do no harm:
<span class="" id="line-2"></span># Splice indeterminate traffic.
<span class="" id="line-3"></span>ssl_bump splice serverIsBank
<span class="" id="line-4"></span>ssl_bump bump haveServerName
<span class="" id="line-5"></span>ssl_bump peek all
<span class="" id="line-6"></span>ssl_bump splice all</pre></div><div class="gmail_extra"><br><div class="gmail_quote">So my understanding of this.  </div><div class="gmail_quote"><br></div><div class="gmail_quote">splice just passes through. </div><div class="gmail_quote">then we bump everything else ?</div><div class="gmail_quote">then peek </div><div class="gmail_quote">and finally splice all?</div><div class="gmail_quote"><br></div><div class="gmail_quote">Must you bump before peek? I assume so but I'm not sure. </div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote">On Tue, Nov 17, 2015 at 3:33 PM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 18/11/2015 9:24 a.m., Bruce Markey wrote:<br>
> Amos,<br>
><br>
> I knew something wasn't right.<br>
><br>
> Ok then I'm going to start there.  I had a heck of a time getting<br>
> squidguard to even work due to its reliance on old berkely db packages, I'd<br>
> be happy to see it go.<br>
><br>
> So that being said. I'm going to lose squidguard.  Upgrade squid to 3.5.<br>
><br>
> I haven't even looked at the 3.5 stuff.  How big of a config change am I<br>
> looking at?  That being said, upgrade or start fresh?<br>
<br>
</span>For the ssl_bump lines yes. They operate very differently, with a bit of<br>
a learning curve around the recursive/repeated ssl_bump processing.<br>
<br>
The rest of the config change should be smooth if it was working well<br>
with 3.3. "squid -k parse" can highlight the differences there.<br>
<span class=""><br>
><br>
> Thanks again. This is the first definitive answer I've gotten!.<br>
><br>
<br>
</span>Welcome.<br>
<div class="HOEnZb"><div class="h5"><br>
Amos<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br></div></div>