On 24/01/2017 3:38 p.m., Mustafa Mohammad wrote:
> By regression...I mean our QA testing server. Let me explain this in
> detail: I have a squid proxy running which is needed to connect to the
> server so we can get back if the transaction was approved or not. It is a
> point of sale application that sends transaction data to the server to
> receive response about the transaction and that's when the problem is
> occurring when it is trying to communicate to that server. I received some
> help and I think ssl splice and ssl peek might work but I don't know how to
> use them. I don't know the rules to apply in this situation.

What's usually needed in these setups is a reverse-proxy (aka "load balancer", CDN frontend, etc.). But for that to be Squid it would require the POS application to be messaging with HTTP. Is that the case?

The peek-and-splice form of SSL-Bump MITM might work anyway so long as the application is actually using real TLS. But you need to be aware the splice action is just blindly tunneling the TLS data through Squid. It is not being touched, so anything like CRL issues is a problem between the endpoints - Squid cannot help unless it's actually HTTP messages, then 'bump' action is needed to fully decrypt and modify the TLS.

(That said, there have been some weird issues showing up even when the tunnel is spliced. See the threads about 30sec delays to Cloudflare, or curl rejecting tunneled traffic.)

Amos
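
A minimal squid.conf sketch of the peek-and-splice setup described in the reply above, as an added example that is not part of the original thread. The port, certificate path and server name are placeholders, and Squid 3.5 syntax on an OpenSSL-enabled build is assumed.

```squidconf
# Constructed example: port, certificate path and server name are placeholders.

# The ssl-bump flag makes Squid apply the ssl_bump rules to CONNECT tunnels
# arriving on this port. A certificate is required on the port even when
# every connection ends up spliced.
http_port 3128 ssl-bump cert=/etc/squid/ssl/proxyCA.pem

# Step 1 of SSL-Bump: only the CONNECT request (or TCP details) is known.
acl step1 at_step SslBump1

# Hypothetical name of the transaction server the POS application talks to.
# Matched against the CONNECT host and, after peeking, the TLS SNI.
acl pos_server ssl::server_name pos-gateway.example.com

# Look at the TLS ClientHello without altering it, so the SNI is available.
ssl_bump peek step1

# Pass the TLS session through untouched. Squid sees no HTTP inside it, and
# certificate validation (CRL checks included) stays between the endpoints.
ssl_bump splice pos_server

# Policy choice for this sketch: close any other TLS tunnel on this port.
ssl_bump terminate all

# Alternative, only if the application really speaks HTTP over TLS and Squid
# has to read or modify it: replace the splice rule with
#   ssl_bump bump pos_server
# which decrypts the traffic, needs certificate generation configured, and
# requires the POS client to trust the proxy CA.
```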