In order to support PROXY protocol on HTTPS inbound traffic we will be needing Squid to "peek" at the initial client connection bytes and process the PROXY header.
There is no need for the decryption to enter into the picture and in current trunk Squid the bytes can be relayed in the BIO buffer to whatever processing is appropriate. Along these lines, I am wondering why we need to have "ssl_bump peek" checked for in relation to client peeking. Can we make Squid simply do that first 'peek' step always for all potential HTTPS connections ? This would also give SNI and the like up front and make Squid able to act lot more like what people in squid-users seem to be starting off assuming it does. Amos _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev