Amos Jeffries wrote > FYI this is "server-first all". peek and splice before "bump all" is > similar but also different in ways that allow it to handle more problems > in better ways. I never really got to understand how to implement peek and splice verbs. I was glad I could get away with server-first! Any chance someone, or yourself, would rewrite a more detailed example of how to use them? Amos Jeffries wrote > You do need the browser to trust your CA certificate. This is an > absolute requirement of using SSL-Bump features. Always has been. To my surprise back then, it was already trusted, but still browser had the ability to detect interception and warn user about "something bad that is going on"! That is why I resorted to browser-aware, user-aware, and consented explicit bumping. Others might envy me because in my network I managed to convince management to apply a firewall rule to drop all traffic that does not come from squid box :) :) which makes my setup unbreakable (and unaffordable to fail). -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users