[squid-users] 3.5.8 — SSL Bump questions
Alex Rousskov
rousskov at measurement-factory.com
Tue Sep 8 19:54:22 UTC 2015
On 09/07/2015 11:36 PM, Dan Charlesworth wrote:
> First, here’s my config (shout out to James Lay):
> acl client_hello_peeked at_step SslBump2
> ssl_bump splice client_hello_peeked bump_bypass_domains
> ssl_bump bump client_hello_peeked
Just in case somebody tries to copy this:
AFAICT, in Squid v3.5.8, the above config does not make sense. Since
client_hello_peeked does not match during step1, no ssl_bump rules will
patch during step1, and so the above is equivalent to:
ssl_bump splice !all
ssl_bump bump !all
which, in turn, should be equivalent to:
ssl_bump splice all
because "splice" is the default ssl_bump action unless Squid has been
"staring". That, in turn, should be nearly equivalent to not using
SslBump at all. There are some side effects related to the
always-performed SslBump step1 actions that you may observe, but I doubt
you were after those side effects.
Alex.
More information about the squid-users
mailing list