Hi, I'm using squid-3.5.20 to sslbump by default, and splice if needed: ---snip--- acl splice_domains dstdomain "/usr/local/etc/squid/acl/splice_domains acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump splice splice_domains ssl_bump bump all ---snip--- As far as I am aware, this setup works for most websites. The ones which don't work are usually those with self-signed certificates, but I am easily overriding them by adding problematic domains to above acl. My biggest problem is the fact that I can't make skype work with the above config. So, if I reverse sslbump logic - splice by default and bump if needed, skype works: ---snip--- acl bump_domains dstdomain "/usr/local/etc/squid/acl/bump_domains acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump_domains ssl_bump splice all ---snip--- In this setup skype works, but that kinda defeats main purpose of my proxy, which is to inspect https traffic for unwanted extensions and mime types directly in squid, and viruses with squidclamav. Is there a way to instruct squid to splice all numeric IPs? Would it make skype work through squid or there are additional gotchas? Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/ _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
