On 2015-09-08 02:32 PM, Alex Rousskov wrote:
On 09/08/2015 02:18 PM, James Lay wrote:

I'm currently having great success with 3.5.8 and this
peek/splice only method using transparent intercept:

###############################
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3

ssl_bump peek step1 all
ssl_bump peek step2 all
acl allowed_https_sites ssl::server_name_regex "/opt/etc/squid/http_url.txt"
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate all
###############################


Bugs notwithstanding, the above can be further simplified (in v3.5.8 and
later):

 acl allowed_https_sites ...
 ssl_bump peek all
 ssl_bump splice allowed_https_sites
 ssl_bump terminate all


HTH,

Alex.

Hey thanks Alex...I will give that a test with 3.5.8. I also recall in earlier builds that "ssl_bump peek all" only matched SNI, but did not match the cert subject, which is why I forced it with peeking at step1 and step2. Thanks again.

James
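
Why the shorter rule set gives the same per-step decisions as the step-qualified one, shown with a simplified model of ssl_bump rule evaluation (an added example, not code from this thread or from Squid). It assumes peek is only possible at steps 1 and 2 while splice and terminate are possible at every step; `trace`, `POSSIBLE` and the sample pattern are hypothetical names and constructed values.

```python
# Simplified model (assumption, not Squid code): at each step the rules are tried
# in order; a rule is skipped if its action is impossible there or an ACL fails.
import re

# Steps at which each action used in this thread can be applied (model assumption).
POSSIBLE = {"peek": {1, 2}, "splice": {1, 2, 3}, "terminate": {1, 2, 3}}

def parse(config):
    """Turn 'ssl_bump <action> <acl>...' lines into (action, [acl names])."""
    return [(w[1], w[2:]) for w in map(str.split, config.splitlines())
            if w and w[0] == "ssl_bump"]

def acl_matches(name, step, server_name, allow_patterns):
    if name == "all":
        return True
    if name in ("step1", "step2", "step3"):      # at_step SslBumpN
        return step == int(name[-1])
    if name == "allowed_https_sites":            # regex allowlist on server name
        return any(re.search(p, server_name) for p in allow_patterns)
    raise ValueError("unknown ACL: " + name)

def trace(config, server_name, allow_patterns):
    """Return the actions chosen at steps 1..3 for one connection."""
    rules, actions = parse(config), []
    for step in (1, 2, 3):
        action = "splice"  # model fallback; never reached here ('terminate all')
        for act, acls in rules:
            if step in POSSIBLE[act] and all(
                    acl_matches(a, step, server_name, allow_patterns) for a in acls):
                action = act
                break
        actions.append(action)
        if action != "peek":   # splice and terminate end the decision process
            break
    return actions

ORIGINAL = """
ssl_bump peek step1 all
ssl_bump peek step2 all
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate all
"""
SIMPLIFIED = """
ssl_bump peek all
ssl_bump splice allowed_https_sites
ssl_bump terminate all
"""
PATTERNS = [r"(^|\.)example\.org$"]  # constructed stand-in for http_url.txt
```

In this model both rule sets peek at steps 1 and 2, then splice an allowlisted name or terminate anything else at step 3.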