On 13/03/20 12:44 pm, GeorgeShen wrote: > > Understood. not altering the bytes. My question is simple: > if using squid to do splicing proxy action of https sessions, is there a > squid configuration to block/drop the session if the remote server's > certificate is signed by a 'untrusted' CA? You should be able to do something like this: ssl_bump peek all ssl_bump terminate ssl::certUntrusted ssl_bump splice all I have not tried that myself, so not sure if it would terminate on client certs. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
