ations to understand the
behavior would be much appreciated.
Kind regards,
Andreas Weigel
PS:
log excerpt from squid-v4.16 (successful rewrite-url)
2024/06/14 14:46:30.750 kid1| 61,2| /client_side_request.cc(1266)
clientRedirectDone: URL-rewriter diverts URL from https://youtube.com/
t
le) chunked encoding.
Kind regards,
Andreas
--
Andreas Weigel
UTM Backend Developer
Securepoint GmbH
Bleckeder Landstraße 28
D-21337 Lüneburg
https://www.securepoint.de
Geschäftsführer: René Hofmann
Amtsgericht Lüneburg HRB 1776
___
squid-users mail
Hi again,
FWIW, Factory is (slowly) working on an SslBump refactoring project
that may address this bug.
Thanks, I'll keep an eye on that.
Andreas
Zitat von Alex Rousskov :
On 9/21/21 10:14 AM, Andreas Weigel wrote:
Hi,
sorry for the late response and the ambiguity in the initial
Hi,
sorry for the late response and the ambiguity in the initial post.
That fact is unrelated to the concern being raised in this thread
AFAICT: The concern is _not_ whether Squid verifies the target of the
SNI-based CONNECT during step3. The concern is whether Squid verifies
the target of the
Hi,
I noticed that squid behaves differently with regard to checking the
SNI of a (fake-)Connect request depending on the sslbump step a
"splice" is performed. This is more or less a follow-up on " Squid
spliced TLS handshake failing with chrome/ium fallback for certain
servers".
If spl
ere, though.
Andreas
Zitat von Alex Rousskov :
On 6/9/21 3:29 PM, Andreas Weigel wrote:
I stumbled upon a case of someone complaining about a site not being
reachable via squid. Squid was running as transparent proxy and splicing
TLS connections.
Squid reported a TLS handshake error to the cli
Hi Alex,
I can only suggest to either fix the Squid bug/limitation or decide to
splice during step1 (based on client SNI, etc., before Squid talks to
the origin server).
don't know why I haven't yet had the idea, but indeed, if I force
splicing at step 1 or even 2, the site loads without err
Hi everyone,
I stumbled upon a case of someone complaining about a site not being
reachable via squid. Squid was running as transparent proxy and
splicing TLS connections.
Squid reported a TLS handshake error to the client
(SQUID_ERR_SSL_HANDSHAKE; Handshake with SSL server failed:
erro
