On 17/07/2015 11:40 a.m., HackXBack wrote: > i have an idea for solve problems with sites and app's that work on port 443 > but cant establish connection with squid, > i see that when this connection cant established the TCP_NONE appear in > access.log, > then why we cant use an option that when this tcp_none come on some app > redirect it to TCP_TUNNEL and then it will bypassed and the connection will > be established without decryption but at minimum it will work automatically > without make to that ip ssl_bump none x.x.x.x > who support me ? TCP_TUNNEL means TCP packets being passed through a CONNECT tunnel. No TLS involvement in any way. What you are thinking of would be labeled "TLS_SPLICE" (if we had such labels - since we dont it gets "NONE"). Where Squid is mediating between two TLS encrypted tunnels, has touched the non-crypted parts without actively decrypting the payload. The case where Squid peeks at the first few bytes and sees immediately that its not even TLS, (or have configured "ssl_bump none" to happen) will already TCP_TUNNEL automatically in Squid-3.5+. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
