Re: Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump


* Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:

> Please consider adding this fine example to the SslPeekAndSplice wiki
> page at http://wiki.squid-cache.org/Features/SslPeekAndSplice
> 
> 
> Please note that if you do not want to bump anything, then the following
> should also work (bugs notwithstanding):
> 
>     ssl_bump splice whitelist
>     ssl_bump peek all
>     ssl_bump terminate blacklist
>     ssl_bump splice all

That doesn't seem to work for me (squid 3.5.2) - at the very bottom of
my config I have:

*** snip ***
acl whitelist ssl::server_name_regex -i "/etc/squid3/DENY_SSL_BUMP"
acl blacklist server_cert_fingerprint "/etc/squid3/SSL_BLACKLIST"

ssl_bump splice whitelist
ssl_bump peek all
ssl_bump terminate blacklist
ssl_bump splice all
*** snap ***

I put "9ec8153f27c9b5bab91749c80ad7df21d38c8050" into
/etc/squid3/SSL_BLACKLIST -- which is the SHA-1 Fingerprint of
https://www.arschkrebs.de/

Yet I still can connect. What am I doing wrong?

-- 
Ralf Hildebrandt                   Charite Universitätsmedizin Berlin
ralf.hildebrandt@xxxxxxxxxx        Campus Benjamin Franklin
http://www.charite.de              Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



