Search squid archive

Re: Trying to set up SSL cache - solved!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/24/22 14:38, Dave Blanchard wrote:

> ssl_bump client-first all

What is the replacement for client-first?

A "good" answer depends on what exactly you are trying to achieve; details matter. A "dumb" answer (i.e. a direct replacement without considering your true needs and Squid bugs) is:

  ssl_bump bump all

Please do not misinterpret my statement as if that dumb answer is never good or correct. It all depends on your needs.


I prefer to handle the certificate validation externally

It is a common need. Squid supports external certificate validator programs (a.k.a. helpers). Look for sslcrtvalidator_program in squid.conf.documented. For communication details, see the following wikip age and src/security/cert_validators/fake/

https://wiki.squid-cache.org/Features/AddonHelpers


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux