On 10/19/2018 02:01 AM, Amish wrote: > Looks like ssl_bump is going to break once ESNI and Encrypted DNS are > universal. (Ofcourse it may be few years away) > > Probably only way out to detect the domain name would be by implementing > CONNECT proxy instead of transparent one. Using forward proxies may not help as much: A CONNECT request that uses an IP address (instead of a domain name) is pretty much as uninformative as a TCP connection intercepted by a transparent proxy. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
