[squid-users] using splice just to improve TLS SNI logging
Alex Rousskov
rousskov at measurement-factory.com
Fri Dec 4 15:03:19 UTC 2015
On 12/03/2015 08:35 PM, Jason Haar wrote:
> Does going "splice" mode avoid all the potential SSL/TLS issues
> surrounding bump? ie it won't care about client certs, weird TLS
> extensions, etc? (ie other than availability, it shouldn't introduce a
> new way of failing?)
Obtaining SNI information requires parsing TLS handshake, so you will be
partially exposed to the dangers of that experimental and changing code.
Splicing at step1 is safer but does not give you SNI.
Alex.
More information about the squid-users
mailing list