On 17/12/2014 10:52 p.m., Yu-Hsuan Liao wrote:
>> Only if "skype_list" matches the TCP packet IP address (without
>> rDNS being looked up) will the peek happen.
>
>> I think you need to add at_step ACL test to peek always at
>> step1, then do the other actions at step2 once SNI (domain name)
>> is possibly available.
>
> Hello Amos,
>
> What if a non-SSL over 443 or a non-HTTP over SSL connections?

The peek at step1 should be detecting that non-TLS/SSL is occurring.

For the non-HTTP over TLS/SSL... IF you bumped it Squid can still
fall back to tunnel I think, but a slower way than splice normally would.
A few people are indicating problems or weirdness with how serverHello
is handled so YMMV.

NP: this is all brand new complicated functionality and I'm not the
author/designer. So reality may differ a bit from what I understand of
it all.

> Skype voice connection seems a non-standard SSL
> negotiation (Partial Handshake), is it possible to revert to tunnel
> mode at steps to bypass connection?
>

As long as you are able to determine whether to do splice and Squid has
not yet auto-generated anything that got sent out, then you should be
able to.

If Squid has sent anything over the wire that was generated by Squid
(bumping) the only choices left are continue with bump or reject/abort.

Amos
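
The rule ordering suggested in this reply, as an added squid.conf fragment that is not part of the original message. The ACL name `step1` and the final `bump all` default are assumptions; `skype_list` is the poster's own ACL, whose definition the thread does not show.

```conf
# Added example, not from the original thread.
# "step1" is an assumed ACL name; "skype_list" is the poster's existing ACL
# (its definition is not shown in the thread and is not reproduced here).

# Matches only during the first SslBump step, when just the TCP-level
# details of the connection are known and no SNI has been read yet.
acl step1 at_step SslBump1

# Always peek at step1, regardless of destination, so the client's
# handshake (including any SNI) is read before a final action is chosen.
ssl_bump peek step1

# Evaluated at step2, after the peek. Squid has not yet sent anything it
# generated itself, so splicing (passing the TLS bytes through untouched)
# is still possible for traffic matching the poster's list.
ssl_bump splice skype_list

# Assumed default for everything else. Once Squid has sent bumped data,
# the only remaining choices are to continue bumping or to abort.
ssl_bump bump all
```

Rules are evaluated in order at each step, so the `peek` line wins at step1 and the `splice`/`bump` lines are only reached at step2.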