Re: ssl_bump and SNI

On 20/05/2015 8:22 p.m., sp_ wrote:
> Hello Amos,
> 
> I still get IP-addresses instead of domain names:
> 

That appears to be because the requests are just denied. Not peeked or
spliced.

When a new TCP connection is intercepted Squid starts with only the IP
address. Generates a fake CONNECT request from that detail, and checks
http_access for whether to allow/deny that connection. Only if that is
allowed will bumping checks begin to take place - during which SNI
becomes available.

It seems to me that your http_access logic is actively denying the
initial CONNECT request when only IP is known.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
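
The ordering described in the reply above, as a squid.conf sketch. This is an added example, not configuration from the thread or from the Squid project; the port, certificate path, network range, log path and domain are constructed placeholders, and it assumes Squid 3.5 with ssl-bump support.

```conf
# Constructed example: all addresses, paths and domains are placeholders.
https_port 3129 intercept ssl-bump cert=/etc/squid/ssl/proxyCA.pem

acl localnet  src 192.0.2.0/24
acl SSL_ports port 443
acl CONNECT   method CONNECT

# --- Pattern that produces the symptom (left commented out) ---
# The fake CONNECT built for an intercepted connection carries only the
# destination IP, so a domain-based allow cannot match it. The request
# falls through to "deny all" and no ssl_bump rule is ever evaluated.
#acl allowed_sites dstdomain .example.com
#http_access allow localnet allowed_sites
#http_access deny all

# --- Ordering that lets SNI become available ---
# 1. Admit the IP-only CONNECT using facts known at TCP accept time
#    (client address, destination port), not the destination name.
http_access deny CONNECT !SSL_ports
http_access allow CONNECT localnet
http_access deny all

# 2. Peek at the TLS ClientHello during the first bumping step so the
#    SNI is known to the ssl_bump rules that follow.
acl step1 at_step SslBump1
ssl_bump peek step1

# 3. Apply the domain policy on the SNI: tunnel permitted names without
#    decrypting, close everything else.
acl allowed_sni ssl::server_name .example.com
ssl_bump splice allowed_sni
ssl_bump terminate all

# Log the client-supplied SNI next to the request line to confirm that
# names, not just IP addresses, are reaching the policy.
logformat sni_log %ts.%03tu %>a %Ss/%03>Hs %rm %ru sni=%ssl::>sni
access_log daemon:/var/log/squid/access.log sni_log
```

Because this sketch only splices or terminates, no decrypted requests pass through http_access; a configuration that bumps traffic would also need http_access rules for the decrypted requests.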
