
Re: Per client tls_outgoing_options


 



On 1/28/22 9:07 AM, Alex Rousskov wrote:
> On 1/28/22 8:57 AM, clark_wfh@xxxxxxxxxxx wrote:
>> Is there some way to make clients use different outgoing TLS options
>> like ciphers or CA file ?
> 
> The combination of [Squid] "clients" and "outgoing" sounds
> self-contradictory, but if you are thinking about from-Squid TLS
> connections, then look for tls_outgoing_options.
> 
> If you are asking this question in an SslBump context, then please note
> that you will have to bump the connection (not splice) at step2 to allow
> Squid to honor tls_outgoing_options.

Sorry, just noticed that you have already mentioned tls_outgoing_options
in the Subject line. That directive does not accept ACLs (yet) so you
cannot customize it on a per-client basis.

If the number of destinations you need this customization for is small,
then you may be able to hack it using cache_peer directives with an
originserver option and custom TLS settings. You can use
cache_peer_access to control which client gets which cache_peer. IIRC,
you can have multiple cache_peers (with different options) that use the
same IP address.


HTH,

Alex.


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
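
The cache_peer workaround described in the reply above, sketched as a squid.conf fragment. This is an added example, not configuration from the original post or from the Squid project; the hostname, client networks, file paths, ACL names and peer names are constructed placeholders, and the option spellings assume the Squid 4 or later `tls-*` cache_peer options.

```conf
# Added illustration; every name, address and path below is a placeholder.
# Assumes Squid 4+ option names (tls, tls-cafile=, tls-cipher=, tls-min-version=).

# Which clients get which outgoing TLS profile.
acl clients_a src 192.0.2.0/24
acl clients_b src 198.51.100.0/24

# The (small) set of destinations that need per-client TLS settings.
acl custom_dst dstdomain origin.example.com

# Two peers for the same origin, distinguished only by name= and TLS options.
# name= is required so that cache_peer_access can tell them apart.
cache_peer origin.example.com parent 443 0 originserver no-query \
    name=origin_profile_a \
    tls tls-cafile=/etc/squid/ca/profile-a.pem \
    tls-min-version=1.2 tls-cipher=ECDHE+AESGCM

cache_peer origin.example.com parent 443 0 originserver no-query \
    name=origin_profile_b \
    tls tls-cafile=/etc/squid/ca/profile-b.pem \
    tls-cipher=HIGH:!aNULL:!MD5

# Route each client group to its own peer; everyone else gets neither.
cache_peer_access origin_profile_a allow custom_dst clients_a
cache_peer_access origin_profile_a deny all
cache_peer_access origin_profile_b allow custom_dst clients_b
cache_peer_access origin_profile_b deny all

# Keep Squid from bypassing the peers and connecting directly, which would
# fall back to the global tls_outgoing_options for this destination.
never_direct allow custom_dst
```

Requests from clients matching neither ACL have no usable peer for `custom_dst` and will fail rather than use the global settings, so decide explicitly whether that fail-closed behaviour is wanted.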


