On 23/02/22 01:05, Ben Goz wrote:
By the help of God.

If I'm using the self-signed certificate that I created for the ssl bump, then the browser considers it as the same certificate for any domain I'm connecting to?


The key thing to remember is that the TLS server certificate validates the *server*, not the URL domain name.

HTTP/2 brings the feature of alternate server names. So once connected and talking, a server can tell the client a bunch of other domains that can be fetched from it.

Since you are using SSL-Bump "splice" to set up the connection, Squid has no control or interaction over what the server and client tell each other within that connection.


HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
