On 09/07/2015 11:36 PM, Dan Charlesworth wrote: > First, here’s my config (shout out to James Lay): > acl client_hello_peeked at_step SslBump2 > ssl_bump splice client_hello_peeked bump_bypass_domains > ssl_bump bump client_hello_peeked Just in case somebody tries to copy this: AFAICT, in Squid v3.5.8, the above config does not make sense. Since client_hello_peeked does not match during step1, no ssl_bump rules will patch during step1, and so the above is equivalent to: ssl_bump splice !all ssl_bump bump !all which, in turn, should be equivalent to: ssl_bump splice all because "splice" is the default ssl_bump action unless Squid has been "staring". That, in turn, should be nearly equivalent to not using SslBump at all. There are some side effects related to the always-performed SslBump step1 actions that you may observe, but I doubt you were after those side effects. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
