[squid-users] Quick peek-splice clarification

Klavs Klavsen kl at vsen.dk
Tue Jun 23 07:11:26 UTC 2015


Hi James,

Did you ever find an answer for this?

James Lay wrote on 06/11/2015 02:16 AM:
> All,
>
>  From the docs at:
>
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> *peek*
>
>
> 	step1, step2
>
>
> 	Receive SNI and client certificate (step1), or server certificate
> (step2) while preserving the possibility of splicing the connection.
> Peeking at the server certificate usually precludes future bumping of
> the connection (see Limitations). This action is the focus of this project.
>
>
> *stare*
>
>
> 	step1, step2
>
>
> 	Receive SNI and client certificate (step1), or server certificate
> (step2) while preserving the possibility of bumping the connection.
> Staring at the server certificate usually precludes future splicing of
> the connection. Currently, we are not aware of any work being done to
> support this action.
>
>
>
> I see a lot of:
>
> ssl_bump peek all
>
> Does this perform both step1 with SNI and client cert, AND server cert?
> Thank you.
>
> James
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


-- 
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
   --Henry Spencer



More information about the squid-users mailing list