[squid-users] Squid SNI at Step 2

Jatin Bhasin jbhasin83 at gmail.com
Mon Oct 26 12:34:41 UTC 2015


Hello,

I am running squid 3.5.10 for bumping transparent SSL connections To
achieve this I am using following squid configuration for SSL Bumping.

acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
ssl_bump peek step1 all
ssl_bump peek step2 nobumpSites
ssl_bump bump step3 nobumpSites
ssl_bump bump all


File "/etc/squid/allowed_SSL_sites.txt" contains www.facebook.com.

On reading documentation I understood that I should see a Fake CONNECT
request for Facebook.com IP address as below:

TAG_NONE/200 0 CONNECT 17.151.224.13:443 - ORIGINAL_DST/17.151.224.13

And at Step2 there should be a Fake CONNECT request for SNI
information extracted.  But I do not see this either in access.log or
in my ecap adapter.

Please could anyone suggest me how Fake Connect request with SNI
information of the HTTPS site.


Thanks,
Jatin


More information about the squid-users mailing list