Re: Host header forgery affects pure splice environment too?

Jason Haar <Jason_Haar@xxxxxxxxxxx> · Mon, 28 Dec 2015 11:57:58 +1300



On 28/12/15 11:50, Yuri Voinov wrote:
> I think, to eliminate this error you need to splice all torify connections.
As I said - squid is configured to *only*  splice - there is no bump-ing
going on. So this is already the case

acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl SSL_https port 443
ssl_bump splice SSL_https

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


Attachment:
signature.asc

Description: OpenPGP digital signature
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users