sslbump can be used in peek+splice and peek+bump modes.
Depending on what Squid finds in the peek (e.g. a TeamViewer FQDN), Squid can decide to splice (not interfere with) the connection.
Below is an example.
Marcus
# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
# define acls for sites that must not be bumped
acl tls_server_is_bank ssl::server_name .abnamro.nl
acl tls_server_is_bank ssl::server_name .abnamro.com
acl tls_server_is_teamviewer ssl::server_name .teamviewer.com
acl tls_to_splice any-of tls_server_is_teamviewer tls_server_is_bank
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect # peek at TLS/SSL connect data
ssl_bump splice tls_to_splice # splice some: no active bump
ssl_bump stare all # stare(peek) at server
ssl_bump bump # bump if we can (if the stare succeeded)
On 10/22/21 17:24, Alex Rousskov wrote:
I do not know much about TeamViewer, ...
You do not need SslBump and https_port for this.
AFAIK you *cannot* use SslBump, as TeamViewer pinpoints certificates.
If someone can prove me wrong, I'd be curious to know how they manage this.
bye
av.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
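The rule set posted above, walked through step by step for a given server name. This is an added example, not code from the thread or from the Squid project. It is a simplified model that assumes first-match rule evaluation at each SslBump step, that peek and stare are not available at step 3, that a stare or peek at step 2 rules out a later splice or bump respectively, and that the name tested is the TLS SNI seen after the step 1 peek.

```python
# Simplified model of ssl_bump rule evaluation for the posted config (added example).
SPLICE_NAMES = (".abnamro.nl", ".abnamro.com", ".teamviewer.com")  # from the ACLs above

def name_matches(server_name, pattern):
    """A leading-dot pattern matches the domain itself and any subdomain."""
    name = server_name.lower().rstrip(".")
    base = pattern.lstrip(".")
    return name == base or name.endswith("." + base)

def tls_to_splice(server_name):
    return any(name_matches(server_name, p) for p in SPLICE_NAMES)

# (action, condition) pairs in the order the ssl_bump lines appear in the config.
RULES = [
    ("peek",   lambda step, name: step == 1),            # at_step SslBump1
    ("splice", lambda step, name: tls_to_splice(name)),  # tls_to_splice
    ("stare",  lambda step, name: True),                 # all
    ("bump",   lambda step, name: True),                 # no ACL: always matches
]

def allowed(action, step, previous):
    """Model assumption: actions that are impossible at this step are skipped."""
    if step == 3 and action in ("peek", "stare"):
        return False
    if step == 3 and previous == "stare" and action == "splice":
        return False
    if step == 3 and previous == "peek" and action == "bump":
        return False
    return True

def decide(server_name):
    """Return the action taken at each step until a final one (splice/bump)."""
    taken, previous = [], None
    for step in (1, 2, 3):
        action = next((a for a, cond in RULES
                       if cond(step, server_name) and allowed(a, step, previous)), None)
        if action is None:
            break  # no applicable rule; Squid's fallback is not modelled here
        taken.append(action)
        if action in ("splice", "bump"):
            break
        previous = action
    return taken

if __name__ == "__main__":
    # Constructed sample names, not taken from real traffic.
    for sni in ("router1.teamviewer.com", "www.abnamro.nl", "www.example.org"):
        print(sni, "->", " / ".join(decide(sni)))
```

The model shows why the order matters: the splice rule must be reached at step 2, before `stare all`, because once Squid has stared at the server the connection can no longer be spliced.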