<div dir="ltr">I just received the news from my team that squid is working at first but when they restart the service, It doesn't work. Has anyone encountered issues like that?</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 24, 2017 at 12:56 AM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 24/01/2017 3:38 p.m., Mustafa Mohammad wrote:<br>
> By regression...I mean our QA testing server. Let me explain this in<br>
> detail: I have a squid proxy running which is needed to connect to the<br>
> server so we can get back if the transaction was approved or not. It is a<br>
> point of sale application that send transaction data to the server to<br>
> receive response about the transaction and that's when the problem is<br>
> occurring when It is trying to communicate to that server. I received some<br>
> help and I think ssl splice and ssl peek might work but I don't know how to<br>
> use them. I don't the rules to apply in this situation.<br>
<br>
</span>Whats usually needed in these setups is a reverse-proxy (aka "load<br>
balancer", CDN frontend, etc.). But for that to be Squid it would<br>
require the POS application to be messaging with HTTP.<br>
Is that the case?<br>
<br>
The peek-and-splice form of SSL-Bump MITM might work anyway so long as<br>
the application is actually using real TLS. But you need to be aware the<br>
splice action is just blindly tunneling the TLS data through Squid. It<br>
is not being touched, so anything like CRL issues is a problem between<br>
the endpoints - Squid cannot help unless its actually HTTP messages,<br>
then 'bump' action is needed to fully decrypt and modify the TLS.<br>
<br>
<br>
(That said, there have been some weird issues showing up even when the<br>
tunnel is spliced. see the threads about 30sec delays to cloudeflare, or<br>
curl rejecting tunneled traffic.)<br>
<div class="HOEnZb"><div class="h5"><br>
Amos<br>
<br>
______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
</div></div></blockquote></div><br></div>