Hello guys,

I have a question about bumping and SNI. Is it supported now in squid 3.5?

What I have:

    Debian Linux
    squid 3.5.2

Config for SSL transparent interception is the following:

    https_port 10.10.115.7:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/squidCA
    always_direct allow all
    sslproxy_cert_error allow all
    sslproxy_flags DONT_VERIFY_PEER
    ssl_bump none localhost
    ssl_bump peek all
    ssl_bump bump all
    sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
    sslcrtd_children 5

With this configuration, the access log looks like this for HTTPS traffic:

    192.168.78.31 - - [05/Mar/2015:13:44:50 +0200] "CONNECT 177.71.251.241:443 HTTP/1.1" 200 0 "-" "-" TCP_DENIED:HIER_NONE
    192.168.78.31 - - [05/Mar/2015:13:44:50 +0200] "CONNECT 223.25.233.66:443 HTTP/1.1" 200 0 "-" "-" TCP_DENIED:HIER_NONE
    192.168.78.31 - - [05/Mar/2015:13:44:50 +0200] "CONNECT 103.16.26.232:443 HTTP/1.1" 200 0 "-" "-" TCP_DENIED:HIER_NONE
    192.168.78.6 - - [05/Mar/2015:13:44:54 +0200] "CONNECT 65.55.163.221:443 HTTP/1.1" 200 895 "-" "-" TCP_TUNNEL:ORIGINAL_DST

Certificates are generated for IPs as well, not CNs. Clients are redirected via iptables.

I have tried to modify the ssl_bump options:

    1) ssl_bump stare all
    2) ssl_bump peek all
    3) ssl_bump bump all

etc., but still only IPs are shown.

Could you please tell me where I'm mistaken?

--
Regards