The configuration provided by Alex works for me (squid 3.5.11) if:

* the http_port-directive is configured with ssl-bump and a certificate
  (ex. http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/certs/myCA.pem)
* the SHA1-fingerprint in the file SSL_BLACKLISTS is delimited after two characters with a colon
  (9E:C8:15:3F:27:C9:B5:BA:B9:17:49:C8:0A:D7:DF:21:D3:8C:80:50 for ar***krebs.de)

Kind regards,
Tom

On Mon, Dec 7, 2015 at 4:02 PM, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> On 12/07/2015 04:37 AM, Ralf Hildebrandt wrote:
>> * Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:
>>> Please note that if you do not want to bump anything, then the following
>>> should also work (bugs notwithstanding):
>>>
>>> ssl_bump splice whitelist
>>> ssl_bump peek all
>>> ssl_bump terminate blacklist
>>> ssl_bump splice all
>>
>> That doesn't seem to work for me (squid 3.5.2)
>
>> Yet I still can connect. What am I doing wrong?
>
> If you are indeed using v3.5.2, then that is a big red flag.
>
> If you are using the latest v3.5 release, then you should open a bug
> report, preferably with an ALL,9 log depicting a single failing
> transaction. AFAICT, the above is meant to work. If it does not, there
> is either a Squid bug or misconfiguration [that I cannot detect by
> reading email].
>
>
> Thank you,
>
> Alex.
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
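
Tom's second condition, as an added example that is not part of the original thread: a Python helper that rewrites SHA-1 fingerprints into the colon-delimited form he describes and flags entries that cannot be valid. The function names, the sample list, and the accepted input spellings (bare hex, an openssl-style `Fingerprint=` line) are assumptions made for illustration.

```python
import re

_HEX40 = re.compile(r"[0-9A-F]{40}")

def normalize_sha1_fingerprint(raw):
    """Return a SHA-1 fingerprint as 20 colon-separated hex pairs."""
    text = raw.strip()
    # Assumed input form: openssl-style "SHA1 Fingerprint=9E:C8:..." output.
    if "=" in text:
        text = text.split("=", 1)[1]
    # Drop existing separators, then upper-case to match the form in the thread.
    digits = re.sub(r"[:\s]", "", text).upper()
    if not _HEX40.fullmatch(digits):
        raise ValueError(f"not a SHA-1 fingerprint: {raw.strip()!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 40, 2))

def normalize_fingerprint_list(lines):
    """Normalize each entry; return (clean_entries, [(lineno, error), ...])."""
    clean, errors, seen = [], [], set()
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue  # blank lines carry no entry
        try:
            fp = normalize_sha1_fingerprint(line)
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        if fp not in seen:  # drop duplicates, keep the first occurrence
            seen.add(fp)
            clean.append(fp)
    return clean, errors

# Constructed sample list: the fingerprint from Tom's message in two
# spellings, a blank line, and one truncated entry that must be rejected.
SAMPLE = [
    "9ec8153f27c9b5bab91749c80ad7df21d38c8050",
    "SHA1 Fingerprint=9E:C8:15:3F:27:C9:B5:BA:B9:17:49:C8:0A:D7:DF:21:D3:8C:80:50",
    "",
    "9E:C8:15:3F:27:C9:B5:BA:B9:17",
]

if __name__ == "__main__":
    entries, problems = normalize_fingerprint_list(SAMPLE)
    print("\n".join(entries))
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```
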