On 12/03/2015 08:35 PM, Jason Haar wrote: > Does going "splice" mode avoid all the potential SSL/TLS issues > surrounding bump? ie it won't care about client certs, weird TLS > extensions, etc? (ie other than availability, it shouldn't introduce a > new way of failing?)
Obtaining SNI information requires parsing TLS handshake, so you will be partially exposed to the dangers of that experimental and changing code. Splicing at step1 is safer but does not give you SNI. Alex. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
