On 10/04/2015 2:14 a.m., Stakres wrote:
> Yuri,
>
> We’re trying that:
> - Tproxy
> - ssl_bump bump all
> does not work.
>
> We have followed the squid wiki regarding iptables rules, sysctl, etc…
>
> Instead of “ssl_bump bump all”, if we use “ssl_bump server-first all”, it works, the https is decrypted.
>
> So is the tproxy compatible with the new squid 3.5.x ssl_bump options?

With intercept / tproxy you may need to peek first to get the ClientHello details. Those are needed not just for any ssl_bump directive ACLs, but also for generating the correct ClientHello to be delivered to the server. Without it Squid only has the raw-IP details from TCP to work with.

Amos
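
One way to write the peek-first setup described in the reply above, as an added squid.conf example that is not part of the original thread. The port number, CA certificate path and the `nobump` domain are assumptions chosen for illustration.

```conf
# Added example (not from the thread). Port, certificate path and the
# "nobump" domain are assumed values.

# TPROXY listener with SSL-Bump enabled (Squid 3.5 syntax).
https_port 3129 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl/bump-ca.pem

# The setup reported as not working with TPROXY: the bump decision is
# made before any ClientHello has been read, so Squid only has the
# destination IP from TCP to work with.
#ssl_bump bump all

# Peek at step 1 so the ClientHello (including SNI) is read first.
acl step1 at_step SslBump1
ssl_bump peek step1

# ACLs that depend on ClientHello details can only match after the peek.
acl nobump ssl::server_name .example.com
ssl_bump splice nobump

# Everything else is bumped, now with the ClientHello details available.
ssl_bump bump all
```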