
3.5.8 — SSL Bump questions


 



Hello all

I’ve been testing out an SSL bumping config using 3.5.8 for the last week or so and am scratching my head over a couple of things.

First, here’s my config (shout out to James Lay):

acl tcp_level at_step SslBump1
acl client_hello_peeked at_step SslBump2
acl bump_bypass_domains ssl::server_name "/path/to/some/domains.txt"
ssl_bump splice client_hello_peeked bump_bypass_domains
ssl_bump bump client_hello_peeked

1. Why don’t spliced connections get a user agent logged like explicit CONNECTs do?

2. Safari produces this error visiting all sorts of websites (github, wikipedia, gmail):
Error negotiating SSL connection on FD 15: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback (1/-1)

… whereas Chrome and Firefox do not. What’s the story with this one?

Thanks!

P.S. If it makes any difference, this is using an RPM I built for CentOS 6 using openssl-1.0.1e-42.el6.x86_64.


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
