[squid-users] debugging ssl-bump
Marcus Kool
marcus.kool at urlfilterdb.com
Tue Jul 18 17:02:46 UTC 2017
I am trying to debug ssl-bump and am looking specifically for decisions that Squid takes with regard to bumping, splicing and unsupported protocol.
The config file for Squid 4.0.21 has
debug_options ALL,1 33,9 83,9
http_port 10.10.10.1:3230 ssl-bump ...
acl tls_is_skype ssl::server_name "/var/ufdbguard/blacklists/chat/skype/iplist"
acl tls_is_skype ssl::server_name .skype.com
acl tls_allowed_hsts ssl::server_name www.google.com
acl tls_urlfilterdb ssl::server_name www.urlfilterdb.com
acl tls_server_is_bank ssl::server_name .abnamro.nl
acl tls_server_is_bank ssl::server_name .abnamro.com
acl tls_to_splice any-of tls_allowed_hsts tls_urlfilterdb tls_server_is_bank tls_is_skype
ssl_bump splice tls_to_splice
ssl_bump stare all
ssl_bump bump all
on_unsupported_protocol tunnel all
But I fail to see in cache.log anything that gives a clue about
- Squid decided to splice
- Squid decided to bump
- Squid decided to treat a connection as "unsupported protocol".
Are there debug sections other than 33 and 83 that need an increased debug level?
What strings do I have to look for in cache.log to understand the above decisions that Squid takes?
Thanks
Marcus