On 13/01/2023 10:47 am, andre.bolinhas wrote:
> So is a bug for 500 or a bad configuration?
> I have also tried this setup and seems to "fix" the tcp_tunnel/500
> ...
> Basically the changes that I made is on peek step changing from
> ssl_bump peek ssl_step1
> To
> acl NotPeek any-of Group26
You should not need "any-of" ACL with a single entry. Just use "Group26"
directly.
> ssl_bump peek !NotPeek
> This is a good idea?
What you have done here is tell Squid to peek at both step1 and step2.
The peek action is not relevant at step3, which lets Squid reach the
splice rules.
The "bump" action will now be performed at step1 before any details of
the server cert are available.
This can work, but generally is a bad idea with current TLS. I recommend
doing a peek, stare, bump sequence instead for the NotPeek/Group26 traffic.
Amos
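
The peek, stare, bump sequence recommended above, written out as a squid.conf fragment. This is an added example, not configuration from either poster: Group26 and ssl_step1 are names from the thread whose definitions are not shown, and ssl_step2 plus the final splice rule are assumptions.

```conf
# Added example. Assumes "acl Group26 ..." is already defined earlier in
# squid.conf (its type and values are not shown in the thread).

# Step ACLs. ssl_step1 is the name used in the thread; ssl_step2 is a
# hypothetical name chosen to match it.
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2

# Variant from the thread, for comparison (left commented out):
#   ssl_bump peek !Group26
# Group26 never matches a peek rule, so its first matching rule is
# whatever follows, and a bump there happens at step1, before any
# server certificate details are available.

# Step1: peek at the TLS client hello for all traffic, Group26 included.
ssl_bump peek ssl_step1

# Step2: stare at the server hello for Group26, which keeps bump
# possible at step3. Everything else peeks, which keeps splice possible.
ssl_bump stare ssl_step2 Group26
ssl_bump peek ssl_step2

# Step3: the peek and stare rules above no longer match, so Squid falls
# through to the final actions. Group26 is bumped with the server
# certificate details already seen; the rest is spliced (assumed policy).
ssl_bump bump Group26
ssl_bump splice all
```

Run `squid -k parse` after editing to confirm the rules load before reconfiguring the running proxy.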