[squid-users] SSL bumping without faked server certificates
Stefan Kutzke
stefan.kutzke at bettermarks.com
Tue Nov 10 18:05:48 UTC 2015
Hi Sebastian,
I will give it a try.
Regards,
Stefan
Am Dienstag, den 10.11.2015, 14:27 +0000 schrieb Sebastian Kirschner:
> Hi Stefan,
>
> I think it would be better to peek at step1 (Then you have the Client
> SNI) and at step2 you could bump or splice.
> Your config
> > My assumption is that I have to use in Squid's config:
> > https_port <squid-ip>:3443 intercept ssl-bump cert=<server.crt>
> > key=<server.key>
> > acl MYSITE ssl:server_name .mydomain.com
> > ssl_bump bump MYSITE
> > ssl_bump splice all
>
> A better way might be
> # acl step1 at_step SslBump1
> # acl MYSITE ssl:server_name .mydomain.com
> #
> # ssl_bump peek step1
> # ssl_bump bump MYSITE
> # ssl_bump splice all
>
> Best Regards
> Sebastian
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list