Hi there,

We just had an incident where I would really have liked to have had transparent TLS intercept in place. Currently I'm still in the "experimental" phase and don't want to go full "bump", but some quick testing of just activating "splice" with TLS intercept seems to me to be zero risk, i.e. instead of allowing direct port 443 Internet access, redirect it back onto squid-3.5 set to splice all port 443 traffic. The end result is squid logfiles containing the following:

.. CONNECT 1.2.3.4:443 blah
.. CONNECT real.SNI.name:443 blah

Then at least I can see what HTTPS sites have been visited when I need to.

Does going "splice" mode avoid all the potential SSL/TLS issues surrounding bump? I.e. it won't care about client certs, weird TLS extensions, etc.? (I.e. other than availability, it shouldn't introduce a new way of failing?)

Thanks!

--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
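For readers following the setup described in the post, here is a minimal squid-3.5 peek-then-splice configuration added as an illustration; it is not from the post or the Squid project. The listening port (3129), the LAN interface (eth1) and the certificate path are assumptions; the point it shows is that peeking at step 1 is what puts the SNI name into the CONNECT log line, while splicing afterwards leaves the TLS bytes untouched.

```conf
# Added example (not from the post): squid-3.5 transparent TLS intercept
# that only peeks at the ClientHello and then splices, never decrypting.
#
# Assumed: the firewall redirects LAN port-443 traffic to local port 3129, e.g.
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3129
# (eth1 and 3129 are assumptions; use whatever fits your network.)

# An ssl-bump port requires a cert= even when nothing is ever decrypted;
# /etc/squid/splice-only.pem is an assumed placeholder path for that file.
https_port 3129 intercept ssl-bump cert=/etc/squid/splice-only.pem \
    generate-host-certificates=off

# Step 1: peek reads the TLS ClientHello so the SNI is available for the log
# and for ACLs. Splicing already at this step would log only "CONNECT 1.2.3.4:443".
acl step1 at_step SslBump1
ssl_bump peek step1

# Afterwards, splice everything: Squid tunnels the bytes unchanged, so client
# certificates and unusual TLS extensions pass through without Squid parsing them.
ssl_bump splice all
```

After a peek, access.log records the SNI host in the CONNECT line (the second log form in the post); a connection whose ClientHello carries no SNI still shows only the destination IP.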