[squid-users] peek- splice and client side certs
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 22 03:06:34 UTC 2015
On 22/04/2015 1:31 p.m., Alex Samad wrote:
> I presume ssl proxy (peek/splice) doesn't work with client certs ?
peek/splice works with client certs.
peek to get the SNI and other publicly available details from TLS then
splice to pass that client data to the server is precisely the feature
designed to cope with client certs, unknown ciphers and other issues.
NP: splicing is *not* decrypting the traffic.
*bump* action (or the deprecated client-first/server-first) is the one
that will not work properly with client certs.
Amos
More information about the squid-users
mailing list