[squid-users] about sni
HackXBack
hack.back at hotmail.com
Mon Feb 15 23:46:24 UTC 2016
What are the requirements for ssl::server_name to work with SNI (squid
3.5.12) ?
In principle, I want to do this (from squid.conf):
....
# get the public TLS metadata (includes SNI)
ssl_bump peek all
# block based on SNI matching
acl blocked ssl::server_name .example.com
ssl_bump terminate blocked
# tunnel (no decrypting) for everything else
ssl_bump splice all
.....
Few questions regarding the pre-requisites for this to work:
- It should not be necessary to install squids cert in the client, correct ?
- squid.conf: Anything missing in next line (cert for squid ) ?
http_port 3129 intercept ssl-bump
- Anything else required ?
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/about-sni-tp4676005.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list