Hi again,
FWIW, Factory is (slowly) working on an SslBump refactoring project
that may address this bug.
Thanks, I'll keep an eye on that.
Andreas
Zitat von Alex Rousskov :
On 9/21/21 10:14 AM, Andreas Weigel wrote:
Hi,
sorry for the late response and the ambiguity in the initial post.
Hi,
sorry for the late response and the ambiguity in the initial post.
That fact is unrelated to the concern being raised in this thread
AFAICT: The concern is _not_ whether Squid verifies the target of the
SNI-based CONNECT during step3. The concern is whether Squid verifies
the target of the
On 9/21/21 10:14 AM, Andreas Weigel wrote:
> Hi,
>
> sorry for the late response and the ambiguity in the initial post.
>
>> That fact is unrelated to the concern being raised in this thread
>> AFAICT: The concern is _not_ whether Squid verifies the target of the
>> SNI-based CONNECT during step3
On 9/18/21 10:36 AM, Alex Rousskov wrote:
> On 9/17/21 7:10 PM, Amos Jeffries wrote:
>> On 18/09/21 8:14 am, Alex Rousskov wrote:
>>> On 9/17/21 3:29 PM, Andreas Weigel wrote:
>>>
If splicing at step3, however, hostHeaderVerify is not called again with
the SNI
>>>
>>> I assume that the ab
On 9/17/21 7:10 PM, Amos Jeffries wrote:
> On 18/09/21 8:14 am, Alex Rousskov wrote:
>> On 9/17/21 3:29 PM, Andreas Weigel wrote:
>>
>>> If splicing at step3, however, hostHeaderVerify is not called again with
>>> the SNI
>>
>> I assume that the above statement would still be true if I remove the
>
Hi,
I noticed that squid behaves differently with regard to checking the
SNI of a (fake-)Connect request depending on the sslbump step a
"splice" is performed. This is more or less a follow-up on " Squid
spliced TLS handshake failing with chrome/ium fallback for certain
servers".
If spl
On 18/09/21 8:14 am, Alex Rousskov wrote:
On 9/17/21 3:29 PM, Andreas Weigel wrote:
If splicing at step3, however, hostHeaderVerify is not called again with
the SNI
I assume that the above statement would still be true if I remove the
word "again" from it. This is how I interpreted it (i.e.
h
On 9/17/21 3:29 PM, Andreas Weigel wrote:
> If splicing at step3, however, hostHeaderVerify is not called again with
> the SNI
I assume that the above statement would still be true if I remove the
word "again" from it. This is how I interpreted it (i.e.
hostHeaderVerify() is called once with the