[squid-users] Quick peek-splice clarification

James Lay jlay at slave-tothe-box.net
Thu Jun 11 00:16:36 UTC 2015


All,

>From the docs at:

http://wiki.squid-cache.org/Features/SslPeekAndSplice

peek


step1, step2


Receive SNI and client
certificate (step1), or
server certificate
(step2) while preserving
the possibility of
splicing the connection.
Peeking at the server
certificate usually
precludes future bumping
of the connection (see
Limitations). This
action is the focus of
this project.


stare


step1, step2


Receive SNI and client
certificate (step1), or
server certificate
(step2) while preserving
the possibility of
bumping the connection.
Staring at the server
certificate usually
precludes future
splicing of the
connection. Currently,
we are not aware of any
work being done to
support this action.



I see a lot of:

ssl_bump peek all

Does this perform both step1 with SNI and client cert, AND server cert?
Thank you.

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150610/28f13d62/attachment.html>


More information about the squid-users mailing list