[squid-users] Squid SNI at Step 2
Alex Rousskov
rousskov at measurement-factory.com
Mon Oct 26 17:20:34 UTC 2015
On 10/26/2015 06:34 AM, Jatin Bhasin wrote:
> I am running squid 3.5.10 for bumping transparent SSL connections. To
> achieve this I am using the following squid configuration for SSL Bumping.
>
> ssl_bump peek step1 all
> ssl_bump peek step2 nobumpSites
> ssl_bump bump step3 nobumpSites
> ssl_bump bump all

In the latest Squids, the above config probably does not do what you
want. For nobumpSites, your config is equivalent to:

  ssl_bump peek step1
  ssl_bump peek step2
  ssl_bump bump step3

which does not work in most cases -- you cannot bump after peeking at step2.

For all other sites, your config is equivalent to:

  ssl_bump peek step1
  ssl_bump bump step2

which works.

If you want to bump everything, then this should work:

  ssl_bump stare all
  ssl_bump bump all

If you want to bump everything other than nobumpSites (which needs SNI),
then start with something like this:

  ssl_bump peek step1
  ssl_bump splice nobumpSites
  ssl_bump bump all

HTH,
Alex.
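
The per-step equivalences given in the reply above can be reproduced with a small first-match evaluator. This is an added example, not part of the original message and not Squid code. It is a simplified model that assumes step1/step2/step3 are at_step ACLs, that nobumpSites matches on SNI and so cannot match before step 2, and that peek/stare rules are skipped at step 3.

```python
# Simplified model of ssl_bump rule evaluation (illustration only, not Squid code).
FINAL = {"splice", "bump", "terminate"}  # actions that end the decision

def parse(config):
    """Turn 'ssl_bump <action> <acl>...' lines into (action, [acls]) pairs."""
    rules = []
    for line in config.strip().splitlines():
        _, action, *acls = line.split()
        rules.append((action, acls))
    return rules

def acl_matches(acl, step, sni_is_nobump):
    if acl == "all":
        return True
    if acl == "nobumpSites":
        # Assumption: SNI is only known once step 1 has peeked at the ClientHello.
        return sni_is_nobump and step >= 2
    return acl == f"step{step}"  # step1 / step2 / step3

def trace(config, sni_is_nobump):
    """Return the action picked at each step; the first matching rule wins."""
    rules, path = parse(config), []
    for step in (1, 2, 3):
        for action, acls in rules:
            if step == 3 and action in ("peek", "stare"):
                continue  # assumption: peek/stare are not possible at step 3
            if all(acl_matches(a, step, sni_is_nobump) for a in acls):
                path.append(action)
                break
        else:
            return path  # no rule matched at this step
        if path[-1] in FINAL:
            return path
    return path

def bump_after_step2_peek(path):
    """The combination the reply says does not work in most cases."""
    return len(path) == 3 and path[1] == "peek" and path[2] == "bump"

ORIGINAL = """ssl_bump peek step1 all
ssl_bump peek step2 nobumpSites
ssl_bump bump step3 nobumpSites
ssl_bump bump all"""
SUGGESTED = """ssl_bump peek step1
ssl_bump splice nobumpSites
ssl_bump bump all"""
BUMP_ALL = """ssl_bump stare all
ssl_bump bump all"""

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED), ("bump-all", BUMP_ALL)):
        for nobump in (True, False):
            p = trace(cfg, nobump)
            print(name, "nobumpSites" if nobump else "other", p, bump_after_step2_peek(p))
```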