[squid-users] Microsoft store issues with ssl-bump
Alex Rousskov
rousskov at measurement-factory.com
Tue Jan 12 16:57:54 UTC 2021
On 1/12/21 10:46 AM, Eliezer Croitoru wrote:
> I am using the next stare rule:
> acl tls_s1_connect at_step SslBump1
> acl tls_s2_client_hello at_step SslBump2
> acl tls_s3_server_hello at_step SslBump3
> ssl_bump stare tls_s2_client_hello
I do not know what you are trying to acheive, but if the above is your
entire ssl_bump configuration, then, bugs notwithstanding, it should be
equivalent to a much simpler one:
# splice at step1, without looking at SNI
ssl_bump splice all
Alex.
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Alex Rousskov
> Sent: Tuesday, January 12, 2021 5:15 PM
> To: Squid Users <squid-users at lists.squid-cache.org>
> Subject: Re: [squid-users] Microsoft store issues with ssl-bump
>
> On 1/12/21 7:42 AM, Amos Jeffries wrote:
>> IIRC latest Squid force the client to TLS/1.2 when
>> preparing to bump, but may not for spliceand stare. So YMMV.
>
> FTR: Bugs notwithstanding, modern Squid changes nothing on TLS level
> when peeking, splicing, and/or terminating. Squid changes TLS bytes when
> staring and/or bumping.
>
> Alex.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list