On 5/5/20 5:38 AM, Amos Jeffries wrote:
> On 5/05/20 4:31 am, Alex Rousskov wrote:
>> On 5/3/20 10:41 PM, Scott wrote:
>>> https://wiki.squid-cache.org/Features/SslPeekAndSplice says "At no point
>>> during ssl_bump processing will dstdomain ACL work".
>> I have not tested this, but I would expec
On 5/05/20 4:31 am, Alex Rousskov wrote:
> On 5/3/20 10:41 PM, Scott wrote:
>
>> acl tcp_open_connect_sslbump at_step SslBump1
>> acl ssl_splice_sni ssl::server_name "/usr/local/etc/squid/acls/splice_sni"
>> acl guest_net_src src x.y.z.0/24
>>
>> ssl_bump peek tcp_open_connect_sslbump
>> ssl_bump
On 5/3/20 10:41 PM, Scott wrote:
> acl tcp_open_connect_sslbump at_step SslBump1
> acl ssl_splice_sni ssl::server_name "/usr/local/etc/squid/acls/splice_sni"
> acl guest_net_src src x.y.z.0/24
>
> ssl_bump peek tcp_open_connect_sslbump
> ssl_bump splice ssl_splice_sni
> ssl_bump bump guest_net_sr
On Thu, Apr 30, 2020 at 04:05:43PM -0400, Alex Rousskov wrote:
> On 4/30/20 12:10 PM, Scott wrote:
>
> >> * For http_port configured with an ssl-bump flag, HTTP CONNECT tunnels
> >> are sent to the SslBump code.
> >>
> >> * For https_port configured with an ssl-bump flag, all traffic is sent
> >>
On 4/30/20 12:10 PM, Scott wrote:
>> * For http_port configured with an ssl-bump flag, HTTP CONNECT tunnels
>> are sent to the SslBump code.
>>
>> * For https_port configured with an ssl-bump flag, all traffic is sent
>> to the SslBump code (by faking a corresponding HTTP CONNECT request).
> The
> Date: Mon, 27 Apr 2020 15:09:03 -0400
> From: Alex Rousskov
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Best way to prevent squid from bumping CONNECTs
>
> On 4/27/20 12:21 PM, Scott wrote:
>
> > my experience with ssl_bump is that it tr
On 4/27/20 12:21 PM, Scott wrote:
> my experience with ssl_bump is that it tries to bump SSL connections whether
> presented to Squid explicitly or implicitly.
* For http_port configured with an ssl-bump flag, HTTP CONNECT tunnels
are sent to the SslBump code.
* For https_port configured with a
Hi,
my experience with ssl_bump is that it tries to bump SSL connections whether
presented to Squid explicitly or implicitly.
I have a device with two pieces of software, one configured with Squid
explicitly, one that requires intercept (via WCCP).
So both explicit CONNECT messages arrive at s