Hi Amos,
My client is sending SNI. I have checked this. Squid only generates the SNI fake CONNECT at step2 if the sslbump action is splice. For all other ssl bump actions it does not generate a fake CONNECT with SNI.
Is this a bug or a limitation in Squid? Do you plan to change it in future?
Thanks
Jatin
On 27 Oct 2015 1:52 am, "Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote:
On 27/10/2015 1:34 a.m., Jatin Bhasin wrote:
> Hello,
>
> I am running squid 3.5.10 for bumping transparent SSL connections. To
> achieve this I am using the following squid configuration for SSL Bumping.
>
> acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
> ssl_bump peek step1 all
> ssl_bump peek step2 nobumpSites
> ssl_bump bump step3 nobumpSites
> ssl_bump bump all
>
>
> File "/etc/squid/allowed_SSL_sites.txt" contains www.facebook.com.
>
> On reading documentation I understood that I should see a Fake CONNECT
> request for Facebook.com IP address as below:
>
> TAG_NONE/200 0 CONNECT 17.151.224.13:443 - ORIGINAL_DST/17.151.224.13
>
> And at Step2 there should be a Fake CONNECT request for SNI
> information extracted.
Only if SNI is actually sent by the client. It is not guaranteed to be sent.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users