Hi there,

We're running squid with SSL bump as a transparent proxy in order to control access to particular SSL sites. We've noticed an issue with access to Facebook from within the Facebook app -- specifically it can get through the proxy even though it is *not* listed as a domain to splice. Accessing the Facebook site from a web browser is blocked as expected.

Looking at packets in Wireshark, the app traffic that gets through seems to use a different style of SSL handshake from the web traffic as follows:

App traffic:

    > client hello
    < server hello, change cipher spec
      - change cipher spec message: this session reuses previously negotiated keys (session resumption)
    < encrypted handshake message
    > change cipher spec, encrypted handshake message, application data
    > application data

Web traffic:

    > client hello
    < server hello
    < certificate
    < server key exchange
    > client key exchange
    > change cipher spec
    > encrypted handshake message
    < new session ticket, change cipher spec, encrypted handshake message
    > application data

I suspect this may be the same or a similar issue referred to in the 3.5.19 release changes (TLS: Fix SSL alert message and session resume handling) -- would someone please confirm or deny?

And if we were to upgrade to 3.5.19, is the build on CentOS 6 a relatively easy one? We've been using Eliezer Croitoru's builds so far, but I don't think he's had time to make the latest build yet!

For reference, the relevant parts of our squid configuration are as follows:

    https_port {squid-ip}:443 cert=/path/to/cert key=/path/to/key sslflags=NO_DEFAULT_CA intercept ssl-bump

    acl to_teads_tv_ssl ssl::server_name .teads.tv
    ssl_bump splice to_teads_tv_ssl

    acl hello at_step SslBump1 SslBump2
    ssl_bump peek hello
    ssl_bump terminate all

Thank you for your help!

Adam
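
Added example (not part of the original post and not Squid code): a way to tell the two handshake shapes listed above apart in captured server-to-client bytes, for spotting resumed sessions in a capture. The function names and sample flights are constructed for illustration; it assumes TLS 1.2 or earlier and a ServerHello that is not fragmented across records.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
SERVER_HELLO, CERTIFICATE = 2, 11        # handshake message types

def records(stream: bytes):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        yield ctype, payload
        pos += 5 + length

def classify_server_flight(stream: bytes) -> str:
    """Return 'resumed', 'full' or 'unknown' for the server's first flight."""
    seen_hello = False
    for ctype, payload in records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            # CCS straight after ServerHello, no Certificate: abbreviated handshake
            return "resumed" if seen_hello else "unknown"
        if ctype != HANDSHAKE:
            continue
        pos = 0
        while pos + 4 <= len(payload):  # walk the plaintext handshake messages
            mtype = payload[pos]
            mlen = int.from_bytes(payload[pos + 1 : pos + 4], "big")
            if mtype == SERVER_HELLO:
                seen_hello = True
            elif mtype == CERTIFICATE and seen_hello:
                return "full"
            pos += 4 + mlen
    return "unknown"

def rec(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hs(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample flights (filler bodies, not real captures)
APP_FLIGHT = (rec(HANDSHAKE, hs(SERVER_HELLO, b"\0" * 38))
              + rec(CHANGE_CIPHER_SPEC, b"\x01")
              + rec(HANDSHAKE, b"\xaa" * 40))  # encrypted handshake message
WEB_FLIGHT = rec(HANDSHAKE, hs(SERVER_HELLO, b"\0" * 38)
                 + hs(CERTIFICATE, b"\0" * 64) + hs(12, b"\0" * 32))
```
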