Hello Amos,
thank you for your reply.
Let's take for instance this line:
I have dumped the traffic passing through the interface on the router during
this request.
In client hello in Extension "server_name" I can see the domain:
According to RFC, domain is a must in Client Hello, when SNI is
Hello Nathan,
thank you for an example.
What version of squid are you running?
Mine is:
I've tried to apply the config you've posted, but with no luck. Squid can't
get the domain:
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-and-SNI-tp4670207
Hello,
does anyone have the working squid 3.5 with intercept + https?
I've googled a lot, but seems there is no any positive experience with it.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-and-SNI-tp4670207p4671432.html
Sent from the Squid - Us
Hi Vadim,
I've tried using these options - did not help.
I've even tried to add %rd to logs, but still, IPs are show:
Vadim Rogoziansky wrote
> Hi,
>
> check something like this
>
> acl step1 at_step SslBump1
> ssl_bump stare step1 all
>
> acl sslBumpDeniedDstDomain ssl::server_name google
I have tried to remove all the restrictions, but still:
-SP
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-and-SNI-tp4670207p4671306.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Hello Amos,
I still get IP-addresses instead of domain names:
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-and-SNI-tp4670207p4671299.html
Sent from the Squid - Users mailing list archive at Nabble.com.
__
Hi,
were there any improvements in squid 3.5 recently?
I've tried peek-n-spice again in 3.5.4, but again transparent proxy for
hosts using SNI is not working properly.
My config for ssl-bump is the following:
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.
