[squid-users] [EXTERNAL] Re: Ubuntu 18 with Squid 4.11 SSL_BUMP

Amos Jeffries squid3 at treenet.co.nz
Wed Apr 29 21:50:14 UTC 2020


On 30/04/20 9:11 am, Anthony Mead wrote:
> Hmm, if there were more logs I'd share them! Any reason why I'd only see an access.log line?
> 
> I promise if I curl https://google.com this is the only line I see: 
> 1588193897.852     20 10.0.1.180 TCP_TUNNEL_ABORTED/200 5103 CONNECT 172.217.15.78:443 - ORIGINAL_DST/172.217.15.78 -
> 
> Or curl https://youtube.com :
> 1588194262.880     32 10.0.1.180 TCP_TUNNEL/200 4824 CONNECT 172.217.13.78:443 - ORIGINAL_DST/172.217.13.78 -
> 
> Or curl https://github.com/:
> 1588194657.291     45 10.0.1.180 TCP_TUNNEL/200 107344 CONNECT 140.82.113.4:443 - ORIGINAL_DST/140.82.113.4 -
> 


Hm. There should at least be a second line showing what server name was
sent in the peek'd SNI or server cert.

The first looks like it reached "terminate all" at step3 of the bumping
process.

The last looks like it was spliced (by the data size transferred). But
that definitely requires the server name to happen.


Amos
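
An added example, not part of the original message and not Squid code: a small check over native-format access.log text that reports client/destination pairs whose CONNECT entries only ever show an IP address, the symptom discussed above. The helper names are hypothetical, the last two sample lines are constructed, and it assumes a name-bearing entry repeats the client and ORIGINAL_DST address of the IP-only one.

```python
import ipaddress

# Lines 1-3 are the entries quoted in the thread. Lines 4-5 are constructed
# (documentation addresses) and assume the name-bearing entry repeats the
# client and ORIGINAL_DST address of the IP-only entry.
SAMPLE_LOG = """\
1588193897.852     20 10.0.1.180 TCP_TUNNEL_ABORTED/200 5103 CONNECT 172.217.15.78:443 - ORIGINAL_DST/172.217.15.78 -
1588194262.880     32 10.0.1.180 TCP_TUNNEL/200 4824 CONNECT 172.217.13.78:443 - ORIGINAL_DST/172.217.13.78 -
1588194657.291     45 10.0.1.180 TCP_TUNNEL/200 107344 CONNECT 140.82.113.4:443 - ORIGINAL_DST/140.82.113.4 -
1588195000.100      0 192.0.2.50 TCP_TUNNEL/200 0 CONNECT 198.51.100.7:443 - ORIGINAL_DST/198.51.100.7 -
1588195000.160     58 192.0.2.50 TCP_TUNNEL/200 6120 CONNECT www.example.test:443 - ORIGINAL_DST/198.51.100.7 -
"""

def parse_line(line):
    """Split one native-format access.log line into the fields used here."""
    f = line.split()
    if len(f) < 10:
        return None  # not a complete native-format entry
    code, _, status = f[3].partition("/")
    host, _, port = f[6].rpartition(":")
    _, _, peer = f[8].partition("/")
    return {"client": f[2], "code": code, "status": status,
            "bytes": int(f[4]), "method": f[5],
            "host": host, "port": port, "peer": peer}

def is_ip(host):
    """True when the CONNECT target is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def connects_without_name(log_text):
    """Map (client, peer) -> IP-only CONNECT entries with no named entry."""
    named, ip_only = set(), {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["method"] != "CONNECT":
            continue
        key = (e["client"], e["peer"])
        if is_ip(e["host"]):
            ip_only.setdefault(key, []).append(e)
        else:
            named.add(key)
    return {k: v for k, v in ip_only.items() if k not in named}

if __name__ == "__main__":
    for (client, peer), entries in connects_without_name(SAMPLE_LOG).items():
        print(client, peer, [(e["code"], e["bytes"]) for e in entries])
```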

