
Re: Squid modification to only read client SNI without bumping.


 



On 6/8/21 7:36 AM, squid3@xxxxxxxxxxxxx wrote:

> The way I think to approach it though is to start with the
> configuration parser.

That starting point does not compute for me. We do need to agree on how
to configure this feature, but parsing any resulting Squid configuration
ought to be very straightforward. Perhaps you have meant "TLS
ClientHello parser", but Squid already has that.


> A simple peek-splice/terminate TLS traffic flow
> should not need certificates setup by admin.

Squid already does not generate/use certificates for splicing or
terminating connections. In splice-or-terminate use cases, the
certificates come into play only when delivering _errors_. A feature to
prevent bumping for error delivery (and remove any configuration
requirements for CA certificate) should be welcomed IMO.

Please drop squid-users if responding to this email.

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


