Search squid archive

Re: Quick peek-splice clarification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2015-06-23 at 09:11 +0200, Klavs Klavsen wrote:
Hi James,

Did you ever find an answer for this?

James Lay wrote on 06/11/2015 02:16 AM:
> All,
>
>  From the docs at:
>
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> *peek*
>
>
> 	step1, step2
>
>
> 	Receive SNI and client certificate (step1), or server certificate
> (step2) while preserving the possibility of splicing the connection.
> Peeking at the server certificate usually precludes future bumping of
> the connection (see Limitations). This action is the focus of this project.
>
>
> *stare*
>
>
> 	step1, step2
>
>
> 	Receive SNI and client certificate (step1), or server certificate
> (step2) while preserving the possibility of bumping the connection.
> Staring at the server certificate usually precludes future splicing of
> the connection. Currently, we are not aware of any work being done to
> support this action.
>
>
>
> I see a lot of:
>
> ssl_bump peek all
>
> Does this perform both step1 with SNI and client cert, AND server cert?
> Thank you.
>
> James
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
>



Hi Klavs,

I did not.  I can tell you in my testing that:

ssl_bump peek step1 all
ssl_bump peek step2 all

versus

ssl_bump peek all

Did not give me the same results, so I'm going to assume a single statement only performs SNI lookup, but maybe someone else on the list has a better answer.

James
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux