[squid-users] About SSL peek-n-splice/bump configurations
Julian Perconti
vh1988 at yahoo.com.ar
Sun Aug 12 22:09:01 UTC 2018
Hi,
I would like to know which of these two cfg's are "better" or "more secure"
when a site/domain is spliced, bumped, etc.
Here the lines...
# mandatory lines:
acl noBumpSites ssl::server_name_regex -i "/etc/squid/url.nobump"
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
_______________
# ssl_bump option 1: (with this I don't see the domain in "TUNNEL" line,
just the IP addr.)
ssl_bump peek step1
ssl_bump peek step2 noBumpSites
ssl_bump splice step3 noBumpSites
ssl_bump stare step2
ssl_bump bump step3
# ssl_bump option 2: (with this I see the domain in "TUNNEL" line.)
ssl_bump peek step1
ssl_bump splice noBumpSites
ssl_bump bump all
And (if possible) could anyone explain the differnce between these 2 cfg's ?
The peek-n-splice config (for me) was never clearly.
Thank you in advance,
All the best
More information about the squid-users
mailing list