Search squid archive

Squid ssl_bump always makes outbound connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Using squid-4.2-1.el7.x86_64

I'm looking at ways to optimize Squid when using ssl_bump. We use the peek & splice approach now and it works pretty well. 

While running some tests, I noticed that Squid always makes an outbound connection to the remote server regardless of when I terminate the connection. I'm trying to build a configuration that denies traffic immediately if the client SNI header doesn't match without making a connection to the remote host.

Here is a very simple configuration that should terminate all connections after step1. The connection is terminated, but by running a tcpdump at the same time, I see that Squid still makes an outbound connection.

acl step1 at_step SslBump1
ssl_bump terminate step1

I would expect that if I terminate after step1, the connection to the remote server should never be made. Can anyone help me understand why Squid would still make the outbound connection in this instance? 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux