[squid-users] squid4 with sslbump not logged server side cert_subject and cert_issuer
Amos Jeffries
squid3 at treenet.co.nz
Thu Feb 15 14:32:13 UTC 2018
On 16/02/18 01:44, Peter Viskup wrote:
> Running squid version 4.0.23 with logformat including
>
> SSLBumpMode=%ssl::bump_mode SSLSNI="%ssl::>sni"
> SSLClientProto="%ssl::>negotiated_version"
> SSLServerProto="%ssl::<negotiated_version"
> SSLBumpClientCipher="%ssl::>negotiated_cipher"
> SSLBumpServerCipher="%ssl::<negotiated_cipher"
> SSLBumpSubject="%ssl::<cert_subject"
> SSLBumpIssuer="%ssl::<cert_issuer"
>
> and ssl_bump configured simply with
>
> ssl_bump bump all
> http_access allow all
>
> the messages are still logged with dashes for Subject and Issuer values
>
> SSLBumpMode=bump SSLSNI="www.google.sk" SSLClientProto="TLS/1.0" SSLServerProto
> ="TLS/1.2" SSLBumpClientCipher="ECDHE-RSA-AES256-SHA"
> SSLBumpServerCipher="ECDHE-RSA-AES128-GCM-SHA256" SSLBumpSubject="-"
> SSLBumpIssuer="-"
>
> Am I doing something wrong, or did I overlook something?
>
Was there actually a server involved?

You told Squid to "bump all" which, by itself, means bump immediately
after client Hello arrives. So there is no server cert to get details
from until after bumping finishes and the first HTTPS request is
processed - triggering server contact to pass it upstream (unless that
is a HIT).

Amos
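
The contrast the reply draws between `bump all` on its own and a staged rule set, shown as an added squid.conf example that is not from the thread or from either poster. The ACL name `step1` is an assumption; whether a given access.log line then carries the certificate fields still depends on which transaction is being logged.

```conf
# Added illustration, not configuration from the thread.
# "step1" is a locally chosen ACL name; at_step and SslBump1 are Squid keywords.

# As posted: with no earlier ssl_bump rule, "bump" matches at step 1,
# right after the client Hello and before any server has been contacted,
# so %ssl::<cert_subject and %ssl::<cert_issuer have nothing to report yet.
#ssl_bump bump all

# Staged form: peek at step 1 (read the client Hello and SNI only),
# which leaves the bump decision to step 2, where Squid's documented
# behaviour is to connect to the server before finishing the client side.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
```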