On 14/06/2014 4:44 a.m., MrErr wrote: > So if i want to ssl_bump only google, will the following statements work? > > acl https_targets dstdomain .google.com > ssl_bump server-first https_targets > > I already tried it, and they don't seem to work. What would be a working > configuration if i wanted only google.com to be bumped? Identify all the IP addresses used by Google and create a dst ACL from them. > > ssl_bump server-first all, works but it bogs down squid and this slows down > the internet. The price of TLS is increased resource usage and slower traffic. The use of a proxy to decrypt and re-encrypt along the way doubles the requirements and halves the speed. Amos
