On 1/27/22 12:32 PM, clark_wfh@xxxxxxxxxxx wrote:

> Can squid bump TLS connections for DNS over TLS? I tried TLS
> interception passively and redirected port 853 to the proxy port. It
> looks like squid receives the connection but cannot forward it. I think
> this could be due to lack of headers, at least there was some related
> error. Should squid work in theory with DoT?

When decrypting intercepted TLS, SslBump expects to find HTTP, not DNS messages. Squid can decrypt DoT but, if you are lucky, will treat what is inside according to the on_unsupported_protocol settings. Squid can be enhanced to recognize DNS messages inside DoT connections, but I doubt it should be.

HTH,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
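
The mismatch described in the reply above, as an added example that is not part of the original thread and not Squid's own parsing code: after TLS is removed, a DoT stream starts with a 2-byte length prefix and a binary DNS header, so an HTTP request-line check finds nothing to parse. The function names and the sample query are constructed for illustration.

```python
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

def build_dot_query(name, txid=0x1234):
    """Constructed sample: an A query with the 2-byte length prefix used on TCP/DoT."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!2H", 1, 1)         # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def looks_like_http(data):
    """True if the first line has the METHOD SP target SP HTTP/x.y shape."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/")

def parse_dot_frame(data):
    """Parse a length-prefixed DNS message; return None if the bytes do not fit."""
    if len(data) < 14:                      # 2-byte prefix + 12-byte DNS header
        return None
    length, txid, flags, qdcount = struct.unpack("!4H", data[:8])
    if length < 12 or length > len(data) - 2 or qdcount == 0:
        return None
    labels, pos, end = [], 14, 2 + length
    while pos < end and data[pos] != 0:
        n = data[pos]
        if n & 0xC0 or pos + 1 + n > end:   # compression pointer or overrun
            return None
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos >= end:                          # no terminating root label
        return None
    return {"length": length, "txid": txid, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels)}

def classify(data):
    """Label the first decrypted bytes of a connection."""
    if looks_like_http(data):
        return "http"
    if parse_dot_frame(data) is not None:
        return "dns-over-tcp"
    return "unknown"

if __name__ == "__main__":
    for sample in (b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", build_dot_query("example.com")):
        print(classify(sample), parse_dot_frame(sample))
```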