-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How can that be? All HSTS sites cry with 3.5 bump option - they don't like host IP as CN, other sites behaviour depending they (and browsers) settings. Is it possible to keep server-first behaviour in 3.5.x ? WBR, Yuri 09.01.2015 16:57, Amos Jeffries пишет: > On 9/01/2015 11:45 p.m., Yuri Voinov wrote: > > > I have working production 3.4.10 with working ssl bumping. > > > Config was the same as working 3.4.10. I've just want to take a > > look on new release. > > > in squid.documented said, than backward compatibility server-first > > and none options for ssl_bump are kept. > > > But: > > > Neither works with old syntax, nor new. > > > Looks like target https hosts not resolved and bump got only IP. > > The config values are still accepted, but there is an extra bumping > stage now before the SNI is available. > > You are wanting to peek at stage 1 (to get the client SNI details) and > server-first/splice at stage 2 (using the domain). Otherwise All Squid > works with when intercepting are the TCP IPs. > > Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUsDE9AAoJENNXIZxhPexGl+MH/2wEV5rEDSb6eQ5KRbHI8ZJ4 WV0fdTg7yFR+bfWCUYzjVovQhrx0gaIFLNWvuwDbc62zJJnvADQuAzu7chouafkP wpGuBjjp3jYZWa1TlZN4XoDeK2THswXau/5kY9P7IKKAJu9VjhjII803ywn5C8DW 48NQWU0Uhs86Tr6XAuaRzUYZK6lht0VcJFKiftmKmOE7Rl7+Yy/Kak1zXxLh8mzX a8N0DSsSlBqIm7s8yngwWQuf8rQ0tlwrKWNSpCL3xD6Wk0MFwhRqe6Vbncj4sbff p0OifMf0YD5sbytsUq4OO5HOdO7WPu+foB2AMKSiou5cDMqz5Vcnw0mD35t25Fg= =OEZu -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
