Re: Microsoft store issues with ssl-bump

On 1/12/21 10:46 AM, Eliezer Croitoru wrote:

> I am using the next stare rule:
> acl tls_s1_connect at_step SslBump1
> acl tls_s2_client_hello at_step SslBump2
> acl tls_s3_server_hello at_step SslBump3
> ssl_bump stare tls_s2_client_hello

I do not know what you are trying to achieve, but if the above is your
entire ssl_bump configuration, then, bugs notwithstanding, it should be
equivalent to a much simpler one:

  # splice at step1, without looking at SNI
  ssl_bump splice all

Alex.


> -----Original Message-----
> From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Alex Rousskov
> Sent: Tuesday, January 12, 2021 5:15 PM
> To: Squid Users <squid-users@xxxxxxxxxxxxxxxxxxxxx>
> Subject: Re:  Microsoft store issues with ssl-bump
> 
> On 1/12/21 7:42 AM, Amos Jeffries wrote:
>> IIRC latest Squid force the client to TLS/1.2 when
>> preparing to bump, but may not for splice and stare. So YMMV.
> 
> FTR: Bugs notwithstanding, modern Squid changes nothing on TLS level
> when peeking, splicing, and/or terminating. Squid changes TLS bytes when
> staring and/or bumping.
> 
> Alex.
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
> 
