-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok, does it mean, that I can't using old bump configuration? So, the right config for 3.5.x must contains what? The IP's against server hostnames in mimicking certificates is equivalence no bump. Every stupid browser will be cry on it. WBR, Yuri 09.01.2015 16:57, Amos Jeffries пишет: > On 9/01/2015 11:45 p.m., Yuri Voinov wrote: > > > I have working production 3.4.10 with working ssl bumping. > > > Config was the same as working 3.4.10. I've just want to take a > > look on new release. > > > in squid.documented said, than backward compatibility server-first > > and none options for ssl_bump are kept. > > > But: > > > Neither works with old syntax, nor new. > > > Looks like target https hosts not resolved and bump got only IP. > > The config values are still accepted, but there is an extra bumping > stage now before the SNI is available. > > You are wanting to peek at stage 1 (to get the client SNI details) and > server-first/splice at stage 2 (using the domain). Otherwise All Squid > works with when intercepting are the TCP IPs. > > Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUr7VRAAoJENNXIZxhPexGbG8IAKSt9K/SX6BigfQXAhMTXmCB gGiRmVl2IP3dyZ9cOMSbYnBJpjo3p+STQ9JwKurV0+u+gnK3/DqcLpAz3N4nn+sI +BYsjR3O+o/Kv3ExD5fihL9cXnliTQ4+YrAwwfnFODsHSd/l3KpbrHBvb+9J4Rwq fSuLkwM8DkcVwVcfq4FB0gBkPzYcY14McuDrU8o0kWt88W4E+IzIOceGTODZ8zaL UnvJU0fa7wO5AnD55jbrfOpk9xfu7NCbLGVWYP0G3m7y3ZwpCbSR082BbiVmgWC8 4R+djVw0aw4eKFTr2G1SXFVDxZ5vYRUIKB6Sl0VtA2YFA4YakTO4PyUQejWkohw= =Wl6n -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users