On 28/10/2015 9:11 a.m., Jatin Bhasin wrote:
> Hi Amos,
>
> My client is sending sni. I have checked this. Squid only generates SNI
> fake connect at step2 if sslbump action is splice. For all other ssl bump
> actions it does not generate fake connect with sni.
> Is this a bug or limitation in squ
Hi Amos,
My client is sending sni. I have checked this. Squid only generates SNI
fake connect at step2 if sslbump action is splice. For all other ssl bump
actions it does not generate fake connect with sni.
Is this a bug or limitation in squid? Do you plan in future to change it?
Thanks
Jatin
On
Hi Alex,
Thanks. I understand this. I want a mechanism by which squid can send
the FAKE connect SNI as HOST request to ecap adapter so that I can
decide whether to bump this connection or not. So do you think this
will not be possible in current release of squid ?
Squid does not generate SNI FAKE
On 10/26/2015 06:34 AM, Jatin Bhasin wrote:
> I am running squid 3.5.10 for bumping transparent SSL connections To
> achieve this I am using following squid configuration for SSL Bumping.
>
> ssl_bump peek step1 all
> ssl_bump peek step2 nobumpSites
> ssl_bump bump step3 nobumpSites
> ssl_bump bu
On 27/10/2015 1:34 a.m., Jatin Bhasin wrote:
> Hello,
>
> I am running squid 3.5.10 for bumping transparent SSL connections To
> achieve this I am using following squid configuration for SSL Bumping.
>
> acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
> ssl_bump peek step1 all
Hello,
I am running squid 3.5.10 for bumping transparent SSL connections To
achieve this I am using following squid configuration for SSL Bumping.
acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
ssl_bump peek step1 all
ssl_bump peek step2 nobumpSites
ssl_bump bump step3 nobump
