On 10/26/2015 06:34 AM, Jatin Bhasin wrote: > I am running squid 3.5.10 for bumping transparent SSL connections To > achieve this I am using following squid configuration for SSL Bumping. > > ssl_bump peek step1 all > ssl_bump peek step2 nobumpSites > ssl_bump bump step3 nobumpSites > ssl_bump bump all In the latest Squids, the above config probably does not do what you want. For nobumpSites, your config is equivalent to: ssl_bump peek step1 ssl_bump peek step2 ssl_bump bump step3 which does not work in most cases -- you cannot bump after peeking at step2. For all other sites, you config is equivalent to: ssl_bump peek step1 ssl_bump bump step2 which works. If you want to bump everything, then this should work: ssl_bump stare all ssl_bump bump all If you want to bump everything other than nobumpSites (which needs SNI), then start with something like this: ssl_bump peek step1 ssl_bump splice nobumpSites ssl_bump bump all HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
