[squid-users] 3.5.8 — SSL Bump questions
James Lay
jlay at slave-tothe-box.net
Tue Sep 8 20:42:57 UTC 2015
On 2015-09-08 02:32 PM, Alex Rousskov wrote:
> On 09/08/2015 02:18 PM, James Lay wrote:
>
>> I'm currently having great success with 3.5.8 and this
>> peek/splice only method using transparent intercept:
>>
>> ###############################
>> acl step1 at_step SslBump1
>> acl step2 at_step SslBump2
>> acl step3 at_step SslBump3
>>
>> ssl_bump peek step1 all
>> ssl_bump peek step2 all
>> acl allowed_https_sites ssl::server_name_regex
>> "/opt/etc/squid/http_url.txt"
>> ssl_bump splice step3 allowed_https_sites
>> ssl_bump terminate all
>> ###############################
>
>
> Bugs notwithstanding, the above can be further simplified (in v3.5.8
> and
> later):
>
> acl allowed_https_sites ...
> ssl_bump peek all
> ssl_bump splice allowed_https_sites
> ssl_bump terminate all
>
>
> HTH,
>
> Alex.
Hey thanks Alex...I will give that a test with 3.5.8. I also recall in
earlier builds that "ssl_bump peek all" only matched SNI, but did not
match the cert subject, which is why I forced it with peeking at step1
and step2. Thanks again.
James
More information about the squid-users
mailing list