[squid-users] [EXTERNAL] Re: Ubuntu 18 with Squid 4.11 SSL_BUMP
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 29 21:50:14 UTC 2020
On 30/04/20 9:11 am, Anthony Mead wrote:
> Hmm, if there were more logs I'd share them! Any reason why I'd only see a access.log line?
>
> I promise if I curl https://google.com this is the only line I see:
> 1588193897.852 20 10.0.1.180 TCP_TUNNEL_ABORTED/200 5103 CONNECT 172.217.15.78:443 - ORIGINAL_DST/172.217.15.78 -
>
> Or curl https://youtube.com :
> 1588194262.880 32 10.0.1.180 TCP_TUNNEL/200 4824 CONNECT 172.217.13.78:443 - ORIGINAL_DST/172.217.13.78 -
>
> Or curl https://github.com/:
> 1588194657.291 45 10.0.1.180 TCP_TUNNEL/200 107344 CONNECT 140.82.113.4:443 - ORIGINAL_DST/140.82.113.4 -
>
Hm. There should at least be a second line showing what server name was
sent in the peek'd SNI or server cert.
The first looks like it reached "terminate all" at step3 of the bumping
process.
The last looks like it was spliced (by the data size transferred). But
that definitely requires the server name to happen.
Amos
More information about the squid-users
mailing list