[squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?
Yuri Voinov
yvoinov at gmail.com
Fri Jan 9 11:02:41 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ok,
does it mean, that I can't using old bump configuration?
So, the right config for 3.5.x must contains what?
The IP's against server hostnames in mimicking certificates is
equivalence no bump. Every stupid browser will be cry on it.
WBR, Yuri
09.01.2015 16:57, Amos Jeffries пишет:
> On 9/01/2015 11:45 p.m., Yuri Voinov wrote:
>
> > I have working production 3.4.10 with working ssl bumping.
>
> > Config was the same as working 3.4.10. I've just want to take a
> > look on new release.
>
> > in squid.documented said, than backward compatibility server-first
> > and none options for ssl_bump are kept.
>
> > But:
>
> > Neither works with old syntax, nor new.
>
> > Looks like target https hosts not resolved and bump got only IP.
>
> The config values are still accepted, but there is an extra bumping
> stage now before the SNI is available.
>
> You are wanting to peek at stage 1 (to get the client SNI details) and
> server-first/splice at stage 2 (using the domain). Otherwise All Squid
> works with when intercepting are the TCP IPs.
>
> Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUr7VRAAoJENNXIZxhPexGbG8IAKSt9K/SX6BigfQXAhMTXmCB
gGiRmVl2IP3dyZ9cOMSbYnBJpjo3p+STQ9JwKurV0+u+gnK3/DqcLpAz3N4nn+sI
+BYsjR3O+o/Kv3ExD5fihL9cXnliTQ4+YrAwwfnFODsHSd/l3KpbrHBvb+9J4Rwq
fSuLkwM8DkcVwVcfq4FB0gBkPzYcY14McuDrU8o0kWt88W4E+IzIOceGTODZ8zaL
UnvJU0fa7wO5AnD55jbrfOpk9xfu7NCbLGVWYP0G3m7y3ZwpCbSR082BbiVmgWC8
4R+djVw0aw4eKFTr2G1SXFVDxZ5vYRUIKB6Sl0VtA2YFA4YakTO4PyUQejWkohw=
=Wl6n
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list