[squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump
Alex Rousskov
rousskov at measurement-factory.com
Mon Dec 7 15:02:59 UTC 2015
On 12/07/2015 04:37 AM, Ralf Hildebrandt wrote:
> * Alex Rousskov <rousskov at measurement-factory.com>:
>> Please note that if you do not want to bump anything, then the following
>> should also work (bugs notwithstanding):
>>
>> ssl_bump splice whitelist
>> ssl_bump peek all
>> ssl_bump terminate blacklist
>> ssl_bump splice all
>
> That doesn't seem to work for me (squid 3.5.2)
> Yet I still can connect. What am I doing wrong?
If you are indeed using v3.5.2, then that is a big red flag.
If you are using the latest v3.5 release, then you should open a bug
report, preferably with an ALL,9 log depicting a single failing
transaction. AFAICT, the above is meant to work. If it does not, there
is either a Squid bug or misconfiguration [that I cannot detect by
reading email].
Thank you,
Alex.
More information about the squid-users
mailing list