Re: redirect TCP_NONE

On 17/07/2015 11:40 a.m., HackXBack wrote:
> I have an idea to solve problems with sites and apps that work on port 443
> but can't establish a connection with Squid.
> I see that when this connection can't be established, TCP_NONE appears in
> access.log.
> So why can't we use an option so that when this TCP_NONE comes up for some app,
> it is redirected to TCP_TUNNEL and then bypassed, and the connection will
> be established without decryption, but at minimum it will work automatically
> without having to set ssl_bump none x.x.x.x for that IP?
> Who supports me?

TCP_TUNNEL means TCP packets being passed through a CONNECT tunnel. No
TLS involvement in any way.

What you are thinking of would be labeled "TLS_SPLICE" (if we had such
labels - since we don't it gets "NONE"). Where Squid is mediating between
two TLS encrypted tunnels, has touched the non-crypted parts without
actively decrypting the payload.

The case where Squid peeks at the first few bytes and sees immediately
that it's not even TLS, (or have configured "ssl_bump none" to happen)
will already TCP_TUNNEL automatically in Squid-3.5+.

Amos
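
To see which port-443 destinations are only ever logged with a NONE tag and never as TCP_TUNNEL, the access.log can be tallied per CONNECT target. This is an added example, not part of the thread or of Squid itself; it assumes the native access.log layout, treats any tag ending in "NONE" as the label discussed above, and runs on constructed sample lines.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1437090001.101    312 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT chat.example.net:443 - HIER_DIRECT/198.51.100.7 -
1437090002.250     40 192.0.2.11 TCP_NONE/200 0 CONNECT app.example.org:443 - HIER_DIRECT/198.51.100.9 -
1437090003.004     38 192.0.2.11 TCP_NONE/200 0 CONNECT app.example.org:443 - HIER_DIRECT/198.51.100.9 -
1437090004.730    120 192.0.2.12 TCP_MISS/200 2048 GET http://www.example.com/ - HIER_DIRECT/198.51.100.3 text/html
1437090005.512     35 192.0.2.13 NONE/200 0 CONNECT 198.51.100.20:443 - HIER_DIRECT/198.51.100.20 -
"""

# Fields: time, elapsed, client, tag/status, bytes, method, target, ...
LINE_RE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+([A-Z_]+)/(\d{3})\s+(\d+)\s+(\S+)\s+(\S+)")


def classify(tag):
    """Map a result tag to the two cases the thread distinguishes."""
    if tag == "TCP_TUNNEL":
        return "tunnel"          # bytes relayed through a CONNECT tunnel
    if tag.endswith("NONE"):     # assumption: covers NONE, TAG_NONE, TCP_NONE
        return "none"
    return "other"


def summarize_connects(log_text):
    """Count tag classes per CONNECT destination; non-CONNECT lines are skipped."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(5) != "CONNECT":
            continue
        summary[m.group(6)][classify(m.group(2))] += 1
    return summary


def review_candidates(summary):
    """Destinations logged with a NONE tag and never as TCP_TUNNEL."""
    return sorted(d for d, c in summary.items() if c["none"] and not c["tunnel"])


if __name__ == "__main__":
    for dest in review_candidates(summarize_connects(SAMPLE_LOG)):
        print(dest)
```

The resulting list is a starting point for deciding, per destination, whether an explicit ssl_bump exemption is warranted.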
