This is a different log trace from David's. Here Squid is setting up a TUNNEL to the clients original dst-IP, successfully. Any TLS funky stuff going on for this transaction is done directly between server and client. Squid's only involvement is to peek at the Hello messages and record them for its log. But some of those details (ie the agreed cipher) come from the ServerHello on successful TLS setup. So I think no errors happened in that log entries transaction. Amos ______________________________________________________________________________________________ Hi tried with acl nossl dst 104.16.41.2 acl nossl2 dstdomain -i .mozilla.org ssl_bump splice nossl ssl_bump splice nossl2 acl ssl_step1 at_step SslBump1 acl ssl_step2 at_step SslBump2 acl ssl_step3 at_step SslBump3 ssl_bump peek ssl_step1 ssl_bump splice all sslproxy_flags DONT_VERIFY_PEER sslproxy_cert_error allow all 1485252508.663 2 192.168.1.236 TAG_NONE/403 6263 CONNECT 104.16.41.2:443 - HIER_NONE/- text/html 1485252509.385 2 192.168.1.236 TAG_NONE/403 6263 CONNECT 104.16.41.2:443 - HIER_NONE/- text/html Using squid port 3128 without any bump allow accessing to mozilla So if there are any acl it will be blocked on both. Return back to list with a full debug mode.. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
