Hi James, Did you ever find an answer for this? James Lay wrote on 06/11/2015 02:16 AM: > All, > > From the docs at: > > http://wiki.squid-cache.org/Features/SslPeekAndSplice > > *peek* > > > step1, step2 > > > Receive SNI and client certificate (step1), or server certificate > (step2) while preserving the possibility of splicing the connection. > Peeking at the server certificate usually precludes future bumping of > the connection (see Limitations). This action is the focus of this project. > > > *stare* > > > step1, step2 > > > Receive SNI and client certificate (step1), or server certificate > (step2) while preserving the possibility of bumping the connection. > Staring at the server certificate usually precludes future splicing of > the connection. Currently, we are not aware of any work being done to > support this action. > > > > I see a lot of: > > ssl_bump peek all > > Does this perform both step1 with SNI and client cert, AND server cert? > Thank you. > > James > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users >
Hi Klavs,
I did not. I can tell you in my testing that:
ssl_bump peek step1 all
ssl_bump peek step2 all
versus
ssl_bump peek all
Did not give me the same results, so I'm going to assume a single statement only performs SNI lookup, but maybe someone else on the list has a better answer.
James
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
