On 2/24/22 14:38, Dave Blanchard wrote:
> ssl_bump client-first all
What is the replacement for client-first?
A "good" answer depends on what exactly you are trying to achieve;
details matter. A "dumb" answer (i.e. a direct replacement without
considering your true needs and Squid bugs) is:
ssl_bump bump all
Please do not misinterpret my statement as if that dumb answer is never
good or correct. It all depends on your needs.
I prefer to handle the certificate validation externally
It is a common need. Squid supports external certificate validator
programs (a.k.a. helpers). Look for sslcrtvalidator_program in
squid.conf.documented. For communication details, see the following
wikip age and src/security/cert_validators/fake/
https://wiki.squid-cache.org/Features/AddonHelpers
HTH,
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users