Hello, I use squid 3.4.5 and sslbump works great for the most big sites like google and facebook .... There are some destinations, which share there ip with other virual webserver, so the client gets a default certificate from the server with a wrong CN. With SNI the client get the right certificate with the correct CN. I configured "ssl_bump server-first all", but to me it looks like squid doesn't do SNI and so gets the wrong certificate. Does anybody know a workaround for this problem ? -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field.