On 09/19/2015 10:19 AM, Marek Serafin wrote:
>>> acl nobumpSites ssl::server_name "/etc/squid3/allowed_SSL_sites.txt"
>>> ssl_bump peek step1
>>> ssl_bump splice step2 nobumpSites
>>> ssl_bump bump all
>> I do not see the reason for the "step2" ACL in the above. Do you?
> it should be either
On 18.09.2015 22:29, Alex Rousskov wrote:
acl nobumpSites ssl::server_name "/etc/squid3/allowed_SSL_sites.txt"
ssl_bump peek step1
ssl_bump splice step2 nobumpSites
ssl_bump bump all
I do not see the reason for the "step2" ACL in the above. Do you?
it should be either "ssl_bump splice
On 09/18/2015 01:38 PM, Marek Serafin wrote:
> 1. the only way to by absolutely sure what is transmitted over a SSL
> tunnel is bumping the connection - there is no other possibility.
Correct.
> 2. some important websites shouldn't be bumped - like banking or payment
> systems. Such pages
Hi guys,
I'm still confused about peek and stare. Correct me please if I'm wrong.
1. the only way to by absolutely sure what is transmitted over a SSL
tunnel is bumping the connection - there is no other possibility.
2. some important websites shouldn't be bumped - like banking or payment
Hello, I'm kinda confused about the "Peek and Splice" technique
introduced in Squid 3.5.x.
--
My goal is to allow CONNECT-method ONLY to certain web-pages (mainly
banks, payment systems). The rest of https-sites should be allways bumped.
-
And this can
On 09/17/2015 04:00 AM, Marek Serafin wrote:
> Hello, I'm kinda confused about the "Peek and Splice" technique
> introduced in Squid 3.5.x.
> --
> My goal is to allow CONNECT-method ONLY to certain web-pages (mainly
> banks, payment systems). The rest of https-sites should be