On 12/07/2016 07:53 AM, --Ahmad-- wrote: > yes thats why i posted that and hope that it can help guys . IMHO, replacing what is supposed to be a working feature with a whole other product is unlikely to be helpful long-term. * If "ssl_bump splice all" does not work for an intercepting https_port, then file or update a bug report (at least). * If "ssl_bump splice all" works, then your message is more likely to misdirect and spread FUD than to help those struggling with SslBump. Alex. >> On Dec 6, 2016, at 11:58 PM, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote: >> >> On 12/06/2016 02:43 PM, --Ahmad-- wrote: >> >>> i always see many people suffer from problems of https pump with some websites . >>> and in the same time i see that they are not interested with caching of https . >>> so all what they need is they just let HTTP & HTTPS as transparent . >>> >>> so i just want to share about “redsocks” tool and using it to catch up https and forward it to other squid server using “TCP_connect “ METHOD . >>> >>> u can use redsocks and from redsocks forward it to squid again using “tcp_connect “ >> >> If using an external TCP CONNECT wrapper is better than using "ssl_bump >> splice all" Squid configuration, then there is some Squid bug that we >> need to fix because "ssl_bump splice all" is supposed to generate the >> same TCP CONNECT internally, without any wrappers. >> >> AFAIK, most SslBump problems in modern Squids are related to cases where >> folks want [a lot] more than just blindly tunnel (and log) all >> intercepted HTTPS connections. Many do not care about caching indeed, >> but most care about the details of what is being proxied. >> >> >> Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
