On 2/25/22 06:16, Amos Jeffries wrote:
> On 24/02/22 15:26, Dave Blanchard wrote:
>> ssl_bump peek all

> Okay TLS handshake clientHello gets observed by Squid.

... and TLS ServerHello. The "all" ACL will match during SslBump step1
_and_ step2.

>> ssl_bump bump all

> ... now (step3) everything gets decrypted.

No, the above ssl_bump configuration line has no effect. In modern
environments, one cannot bump after peeking at the server.

Squid bugs notwithstanding, the configuration in question is equivalent to:

    ssl_bump peek step1
    ssl_bump peek step2
    ssl_bump splice step3

No HTTP caching is possible for HTTPS transactions with this (or any
other splicing) configuration, of course.

Alex.
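
The step-by-step evaluation discussed in this message, as an added example (not code from the thread or from Squid). It is a simplified model that assumes a rule whose action is impossible at the current step is skipped, and that when no rule applies the connection is spliced after a peek or bumped after a stare; the function names and the third rule set are constructed for illustration.

```python
# Simplified model of how Squid picks an ssl_bump action at each SslBump step.
# Assumptions (not Squid source code): rules are (action, acl_steps) pairs,
# an action that is impossible at the current step is skipped, and when no
# rule applies the connection is spliced after a peek or bumped after a stare.

STEPS = ("step1", "step2", "step3")
ALL = frozenset(STEPS)  # the built-in "all" ACL matches at every step


def possible(action, step, previous):
    """Return True if `action` can still be applied at `step`."""
    if action == "terminate":
        return True
    if action in ("peek", "stare"):
        return step in ("step1", "step2")
    if step != "step3":
        return True  # splice and bump are both available at step1/step2
    # step3: the action taken at step2 decides what is left.
    return (action == "splice" and previous == "peek") or \
           (action == "bump" and previous == "stare")


def evaluate(rules):
    """Return the list of (step, action) decisions for one connection."""
    decisions, previous = [], None
    for step in STEPS:
        chosen = None
        for action, acl_steps in rules:
            if step in acl_steps and possible(action, step, previous):
                chosen = action
                break
        if chosen is None:  # nothing applicable: fall back on the last action
            chosen = "bump" if previous == "stare" else "splice"
        decisions.append((step, chosen))
        if chosen in ("splice", "bump", "terminate"):
            break  # final actions end the evaluation
        previous = chosen
    return decisions


# Constructed inputs: the configuration from the thread and two variants.
THREAD_CONFIG = [("peek", ALL), ("bump", ALL)]
EQUIVALENT = [("peek", {"step1"}), ("peek", {"step2"}), ("splice", {"step3"})]
PEEK_THEN_BUMP = [("peek", {"step1"}), ("bump", ALL)]

if __name__ == "__main__":
    for name, rules in [("thread", THREAD_CONFIG), ("equivalent", EQUIVALENT),
                        ("peek step1, bump all", PEEK_THEN_BUMP)]:
        print(name, evaluate(rules))
```

In this model the "bump all" line is never chosen once the server has been peeked at during step2, so the thread's configuration and the three-line equivalent produce the same decisions.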