Thanks for testing.

I didn't get to this level yet.

I am trying to test a couple of aspects, but I believe that this step is so fast
that I didn't notice it even there.

Thanks,

Eliezer


----

Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> 
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



 

From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
Behalf Of Eric Lackey
Sent: Saturday, August 25, 2018 5:36 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Squid ssl_bump always makes outbound connection

 

Using squid-4.2-1.el7.x86_64

 

I'm looking at ways to optimize Squid when using ssl_bump. We use the peek &
splice approach now and it works pretty well.  

 

While running some tests, I noticed that Squid always makes an outbound
connection to the remote server regardless of when I terminate the
connection. I'm trying to build a configuration that denies traffic
immediately if the client SNI header doesn't match without making a
connection to the remote host.

 

Here is a very simple configuration that should terminate all connections
after step1. The connection is terminated, but by running a tcpdump at the
same time, I see that Squid still makes an outbound connection.

acl step1 at_step SslBump1
ssl_bump terminate step1

I would expect that if I terminate after step1, the connection to the remote
server should never be made. Can anyone help me understand why Squid would
still make the outbound connection in this instance? 

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
