
Re: substituting sniproxy for squid

On 1/02/2016 11:35 a.m., Luis Daniel Lucio Quiroz wrote:
> Hello
> 
> Can anyone give some clue, link something to read on how to do the HTTPS
> work with SNI, I just want to forward to the correct server based on the
> SNI. I want to get rid of SNIproxy in favor of squid.

That should be possible with Squid-3.5 or later by intercepting the port
443 traffic (*not* reverse-proxy / accel) and using:

 acl step1 at_step SslBumpStep1
 ssl_bump peek step1
 ssl_bump splice all

But be aware that SNI does not provide any guarantee of "correct
server". HTTP (even in its 'HTTPS' form) is a multiplexed messaging
protocol. When you do the above Squid will not be able to protect you
against any Host header attacks buried inside the TLS layer - not that
sniproxy does either (in fact sniproxy seems by design to actively
_enable_ those types of vulnerabilities).

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
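An added example (not from Amos's message nor from the Squid project's documentation) of a fuller squid.conf fragment built around those three lines: the intercepting https_port, and an ssl::server_name ACL so that only connections whose SNI names an expected backend are spliced. The certificate path and the example.com domain are assumptions.

```conf
# Transparent interception of port 443 (traffic arrives via a NAT/REDIRECT
# rule on the host); this is *not* a reverse-proxy (accel) port.
# Squid expects a certificate on an ssl-bump port even for peek/splice-only
# use. The path is an assumption for this example.
https_port 3129 intercept ssl-bump cert=/etc/squid/ssl/squid-ca.pem

# Step 1: look at the TLS ClientHello (which carries the SNI) without
# decrypting anything.
acl step1 at_step SslBumpStep1
ssl_bump peek step1

# After peeking, ssl::server_name matches the SNI from the ClientHello.
# The domain is an assumption for this example.
acl expected_backends ssl::server_name .example.com

# Splice (pass the TLS bytes through untouched) only when the SNI names a
# backend we actually serve; close everything else instead of "splice all".
ssl_bump splice expected_backends
ssl_bump terminate all

# Because the connection is spliced, the HTTP Host header inside the TLS
# layer is never seen by Squid, so it cannot be checked against the SNI.
```

The ACL narrows which SNI values are passed through, but it does not change the caveat in the message: on a spliced connection the request inside TLS stays opaque to the proxy.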



