Perhaps an alternative is to peek only on step1:
acl step1 at_step SslBump1
ssl_bump peek step1
acl allowed_https_sites ssl::server_name_regex "/opt/etc/squid/http_url.txt"
ssl_bump splice allowed_https_sites
ssl_bump terminate all
On Nov 25, 2017 14:46, "James Lay" wrote:
> On Sun, 2017-11-26
On Sun, 2017-11-26 at 01:33 +1300, Amos Jeffries wrote:
> On 26/11/17 00:52, James Lay wrote:
> >
> > On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote:
> > >
> > > On 25/11/17 08:30, James Lay wrote:
> > > >
> > > > Topic says it...this setup has been working well for a long
> > > > time,
On 26/11/17 00:52, James Lay wrote:
On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote:
On 25/11/17 08:30, James Lay wrote:
Topic says it...this setup has been working well for a long time, but
now there are some sites that are failing the TLS handshake. Here's
my setup: acl localnet src
On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote:
> On 25/11/17 08:30, James Lay wrote:
> >
> > Topic says it...this setup has been working well for a long time,
> > but
> > now there are some sites that are failing the TLS handshake.
> > Here's my
> > setup:
> >
> > acl localnet src 192
On 25/11/17 19:40, minh hưng đỗ hoàng wrote:
Dear Amos, thank you so much for your quick reply.
I have tried to replace my SSL config with your suggestion. But my squid
gets an error like this in cache.log:
2017/11/25 13:21:49 kid1| SECURITY ALERT: Host header forgery detected
on local=216.5
On 25/11/17 08:30, James Lay wrote:
Topic says it...this setup has been working well for a long time, but
now there are some sites that are failing the TLS handshake. Here's my
setup:
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CON