<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>sslbump can be used in peek+splice and peek+bump modes.</p>
    <p>Depending on what Squid finds in the peek (e.g. a TeamViewer
      FQDN), Squid can decide to splice (not interfere with) the connection.</p>
    <p>Below is an example.<br>
    </p>
    <p>Marcus</p>
    <pre># TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1

# define acls for sites that must not be bumped
acl tls_server_is_bank ssl::server_name .abnamro.nl
acl tls_server_is_bank ssl::server_name .abnamro.com
acl tls_server_is_teamviewer ssl::server_name .teamviewer.com
acl tls_to_splice any-of tls_server_is_teamviewer tls_server_is_bank

# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect    # peek at TLS/SSL connect data
ssl_bump splice tls_to_splice   # splice some: no active bump
ssl_bump stare all    # stare (peek) at server
ssl_bump bump     # bump if we can (if the stare succeeded)
</pre>
    <div class="moz-cite-prefix">On 23/10/2021 17:41, Andrea Venturoli
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:5f2be6ce-bda5-0068-3160-9280ee5dcbb2@netfence.it">On
      10/22/21 17:24, Alex Rousskov wrote:
      <br>
      <br>
      <blockquote type="cite">I do not know much about TeamViewer, ...
        <br>
        You do not need SslBump and https_port for this.
        <br>
      </blockquote>
      <br>
      AFAIK you *cannot* use SslBump, as TeamViewer pinpoints
      certificates.
      <br>
      If someone can prove me wrong, I'd be curious to know how they
      manage this.
      <br>
      <br>
       bye
      <br>
          av.
      <br>
    </blockquote>
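    <p>Added example, not part of the original message and not Squid's own code: a sketch of what the peek step makes available, namely the SNI in the client's TLS ClientHello, and how the leading-dot names in the acls above would sort a connection into splice or stare+bump. The helper names and the sample host names are constructed for illustration, and a ClientHello without SNI is simply treated as not matching here, whereas Squid can fall back to other sources for the server name.</p>

```python
import struct

# Leading-dot names copied from the ssl::server_name acls in the config above.
SPLICE_DOMAINS = (".abnamro.nl", ".abnamro.com", ".teamviewer.com")

def build_client_hello(sni):
    """Constructed sample input: a minimal TLS ClientHello record with one SNI."""
    name = sni.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32)        # client_version, random
            + b"\x00"                       # empty session_id
            + b"\x00\x02\x13\x01"           # one cipher suite
            + b"\x01\x00"                   # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_sni(record):
    """Return the SNI host name from a ClientHello record, or None."""
    if record[:1] != b"\x16" or record[5:6] != b"\x01":
        return None                         # not a handshake record / not a ClientHello
    try:
        p = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
        p += 1 + record[p]                  # session_id
        p += 2 + int.from_bytes(record[p:p + 2], "big")   # cipher_suites
        p += 1 + record[p]                  # compression_methods
        end = p + 2 + int.from_bytes(record[p:p + 2], "big")
        p += 2
        while min(end, len(record)) - p >= 4:
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            if etype == 0:                  # server_name extension
                nlen = int.from_bytes(record[p + 7:p + 9], "big")
                name = record[p + 9:p + 9 + nlen]
                complete = nlen and len(name) == nlen
                return name.decode("ascii").lower() if complete else None
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass                                # truncated or malformed hello
    return None

def matches(host, domain):
    """Leading-dot match: the domain itself and any subdomain, nothing else."""
    return host == domain[1:] or host.endswith(domain)

def decide(record):
    """Same order as the ssl_bump rules: splice listed names, else stare then bump."""
    sni = extract_sni(record)
    if sni and any(matches(sni, d) for d in SPLICE_DOMAINS):
        return "splice"
    return "stare+bump"
```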
  </body>
</html>