On 01/03/2018 03:30 PM, brianbergstrom wrote: > If I understand the docs and this thread correctly, Squid should be removing > h2 from the ALPN in the Client Hello since Squid does not support it. Please note that Squid cannot remove something when using "peek" and "splice" actions. I do not know whether Squid removes unsupported ALPN values when using "stare" and "bump" actions, and I would not be surprised to learn that Squid does not police those values at all (yet), but I want to emphasize that the combination of "removing" and "splicing" is impossible. > ssl_bump peek step1 > ssl_bump peek step2 allowed_https_sites > ssl_bump peek step2 allowed_https_ips > ssl_bump splice step3 allowed_https_sites > ssl_bump splice step3 allowed_https_ips > ssl_bump terminate step2 all HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
