> It is too late to alter the client certificate. By the time a server > connection is opened Squid may have already served replies out of cache > to the client. I am a bit surprised. Can sslbump make some https content cacheable? > Meanwhile it is worth investigate why you are getting so many failures... The actual failure is not my problem, however, the potential of failure or behavior difference from none sslbump setup is becoming a roadblock for sslbump acceptance. Ming