Hi Amos,

My client is sending SNI. I have checked this. Squid only generates SNI fake connect at step2 if sslbump action is splice. For all other ssl bump actions it does not generate fake connect with SNI. Is this a bug or limitation in squid? Do you plan in future to change it?

Thanks
Jatin

On 27 Oct 2015 1:52 am, "Amos Jeffries" <squ...@treenet.co.nz> wrote:
> On 27/10/2015 1:34 a.m., Jatin Bhasin wrote:
> > Hello,
> >
> > I am running squid 3.5.10 for bumping transparent SSL connections. To
> > achieve this I am using following squid configuration for SSL Bumping.
> >
> > acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
> > ssl_bump peek step1 all
> > ssl_bump peek step2 nobumpSites
> > ssl_bump bump step3 nobumpSites
> > ssl_bump bump all
> >
> >
> > File "/etc/squid/allowed_SSL_sites.txt" contains www.facebook.com.
> >
> > On reading documentation I understood that I should see a Fake CONNECT
> > request for Facebook.com IP address as below:
> >
> > TAG_NONE/200 0 CONNECT 17.151.224.13:443 - ORIGINAL_DST/17.151.224.13
> >
> > And at Step2 there should be a Fake CONNECT request for SNI
> > information extracted.
>
> Only if SNI is actually sent by the client. It is not guaranteed to be
> sent.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users