[squid-users] Trying to set up SSL cache
Alex Rousskov
rousskov at measurement-factory.com
Fri Feb 25 16:28:58 UTC 2022
On 2/25/22 06:16, Amos Jeffries wrote:
> On 24/02/22 15:26, Dave Blanchard wrote:
>> ssl_bump peek all
>
> Okay TLS handshake clientHello gets observed by Squid.

... and TLS ServerHello. The "all" ACL will match during SslBump step1
_and_ step2.

>> ssl_bump bump all
>
> ... now (step3) everything gets decrypted.

No, the above ssl_bump configuration line has no effect. In modern
environments, one cannot bump after peeking at the server.

Squid bugs notwithstanding, the configuration in question is equivalent to:

    ssl_bump peek step1
    ssl_bump peek step2
    ssl_bump splice step3

No HTTP caching is possible for HTTPS transactions with this (or any
other splicing) configuration, of course.

Alex.
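
The equivalence stated in the message above, worked through as a small Python model of per-step ssl_bump rule selection (an added example, not part of the original message and not Squid's own code). Assumptions: each ACL is represented by the set of SslBump steps it matches, the stare branch is included only as the counterpart of the peek restriction, and BUMP_AT_STEP2 is a constructed contrast.

```python
# Simplified model of SslBump rule evaluation (added example, not Squid code).
FINAL = {"splice", "bump", "terminate"}      # actions that end SslBump processing

def allowed_actions(step, previous):
    """Actions considered at this step; rules with other actions are ignored."""
    if step < 3:
        return {"peek", "stare", "splice", "bump", "terminate"}
    allowed = set(FINAL)                     # peek/stare are not possible at step3
    if previous == "peek":
        allowed.discard("bump")              # per the message: no bump after peeking at the server
    elif previous == "stare":
        allowed.discard("splice")            # assumption: counterpart restriction for stare
    return allowed

def evaluate(rules):
    """rules: ordered (action, steps_the_acl_matches) pairs -> action applied at each step."""
    trace, previous = [], None
    for step in (1, 2, 3):
        ok = allowed_actions(step, previous)
        # First rule whose ACL matches this step and whose action is still possible wins.
        action = next((a for a, steps in rules if step in steps and a in ok), None)
        if action is None:
            # Assumption: with no usable rule, splice (or bump if the server was stared at).
            action = "bump" if previous == "stare" else "splice"
        trace.append(action)
        if action in FINAL:
            break
        previous = action
    return trace

def ends_in_splice(rules):
    """True when the tunnel is spliced, i.e. no HTTP caching is possible."""
    return evaluate(rules)[-1] == "splice"

ALL = {1, 2, 3}                                                   # the "all" ACL matches every step
POSTED = [("peek", ALL), ("bump", ALL)]                           # configuration from the thread
EQUIVALENT = [("peek", {1}), ("peek", {2}), ("splice", {3})]      # form given in the reply
BUMP_AT_STEP2 = [("peek", {1}), ("bump", ALL)]                    # constructed contrast

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("equivalent", EQUIVALENT),
                        ("bump at step2", BUMP_AT_STEP2)):
        print(f"{name:14} {evaluate(rules)} spliced={ends_in_splice(rules)}")
```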