|
On 27/01/15 11:13, Dan Charlesworth
wrote:
That can't be the case. If the external ACL is called without the SNI, then at best all it can do is connect to an IP address and scrape the server response. But some SSL servers (especially WAFs) are configured to DROP connections if they don't see a client SNI (I've seen this with CDN networks with my own experience with external ACLs). Only squid has access to the SNI - it has to be done in squid code. Jason -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
