Re: [squid-users] TAG_NONE/xxxx

[Amos Jeffries]

On 12/07/2015 8:16 a.m., Yuri Voinov wrote:
> 
> Yep, man.
> 
> Sad, but true.

No man.

[sorry, sent the followup in private by mistake. Repeating now for
everyone ... with a bit more info]

The TAG_* is a representation of what Squid has done in processing
the transaction.

We dont yet have tags/codes labelling the different SSL-Bump logic
paths. So the fake-CONNECT request processing shows up as "NONE" at the
moment when splicing or bumping was done. TUNNEL when SSL-bump action
"none" is done for intercepted traffic. And "terminate" action is not
logged at all for some reason.

Details on the existing tag meanings can be found here:



Since David configurd splice as has bumping action the TAG_NONE/200
means the intercepted transation (fake-CONNET) was spliced. No further
details will be logged, because they are inside the encryption flowing
through the splice.

Amos



> 
> 11.07.15 16:13, David Touzeau пишет:
>> To understand what you says:
> 
>> Means that squid try to understand the TLS protocol in order to
> retrieve certificate information but some TAGS in certificate are not
> properly understood.
>> So Squid still accept/forward the connection without decoding TLS ?
> 
>> Le 11/07/2015 11:33, Amos Jeffries a écrit :
>>> On 11/07/2015 9:23 p.m., David Touzeau wrote:
 Hi all


 We using Squid 3.5.6 in transparent mode with SSL


 With the following settings:

 acl ssl_step1 at_step SslBump1
 acl ssl_step2 at_step SslBump2
 acl ssl_step3 at_step SslBump3
 ssl_bump peek ssl_step1
 ssl_bump splice all


 We have many entries "TAG_NONE/" in access.log when accessing to SSL
 websites.

 What does it means ?
>>> Spliced connection. No HTTP handling occured.
>>>
>>> The TLS logics do not yet have proper processing tags defined yet. That
>>> is still on the todo list.
>>>
>>> Amos
>>>
>>> ___
>>> squid-users mailing list
>>> squid-users@lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
> 
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
> 
> 
> 
> 
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TAG_NONE/xxxx

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 
Yep, man.

Sad, but true.

11.07.15 16:13, David Touzeau пишет:
> To understand what you says:
>
> Means that squid try to understand the TLS protocol in order to
retrieve certificate information but some TAGS in certificate are not
properly understood.
> So Squid still accept/forward the connection without decoding TLS ?
>
> Le 11/07/2015 11:33, Amos Jeffries a écrit :
>> On 11/07/2015 9:23 p.m., David Touzeau wrote:
>>> Hi all
>>>
>>>
>>> We using Squid 3.5.6 in transparent mode with SSL
>>>
>>>
>>> With the following settings:
>>>
>>> acl ssl_step1 at_step SslBump1
>>> acl ssl_step2 at_step SslBump2
>>> acl ssl_step3 at_step SslBump3
>>> ssl_bump peek ssl_step1
>>> ssl_bump splice all
>>>
>>>
>>> We have many entries "TAG_NONE/" in access.log when accessing to SSL
>>> websites.
>>>
>>> What does it means ?
>> Spliced connection. No HTTP handling occured.
>>
>> The TLS logics do not yet have proper processing tags defined yet. That
>> is still on the todo list.
>>
>> Amos
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBCAAGBQJVoXm5AAoJENNXIZxhPexG6TUH/2H02D3FXynZ1Y2lngkEhDD3
ov8I4uujWwAEW9cmaoNqWCcewO/8gOzxa46dTntxnFi8Zun6/C88bWSVedBmcGN5
4hjjdQjnIO7D1aT+ehp0ozW2TrXJcy2IYx/9S5tZuWLByz77YTjyau+e+4Eym3/H
rjEzX8yQjBJiWhl4ihMn9Xl3LLBBRsidDmaTNPpNAWhUBJcR5SYQ54LitNdWJjTe
I3eIyzU7UlInjhCD4VFhyuuT2lwXSsD8HrLPSaLalenZNeeFMofw6h3NHibyYENa
zyNgPMp8pHXcok2+ipY5I0wGYoXTpbncRry45G4ae9wQJhuPZsULI2pB2ToHWUQ=
=EQ9v
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TAG_NONE/xxxx

[David Touzeau]

To understand what you says:

Means that squid try to understand the TLS protocol in order to retrieve 
certificate information but some TAGS in certificate are not properly 
understood.

So Squid still accept/forward the connection without decoding TLS ?

Le 11/07/2015 11:33, Amos Jeffries a écrit :

On 11/07/2015 9:23 p.m., David Touzeau wrote:

Hi all


We using Squid 3.5.6 in transparent mode with SSL


With the following settings:

acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice all


We have many entries "TAG_NONE/" in access.log when accessing to SSL
websites.

What does it means ?

Spliced connection. No HTTP handling occured.

The TLS logics do not yet have proper processing tags defined yet. That
is still on the todo list.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TAG_NONE/xxxx

[Amos Jeffries]

On 11/07/2015 9:23 p.m., David Touzeau wrote:
> Hi all
> 
> 
> We using Squid 3.5.6 in transparent mode with SSL
> 
> 
> With the following settings:
> 
> acl ssl_step1 at_step SslBump1
> acl ssl_step2 at_step SslBump2
> acl ssl_step3 at_step SslBump3
> ssl_bump peek ssl_step1
> ssl_bump splice all
> 
> 
> We have many entries "TAG_NONE/" in access.log when accessing to SSL
> websites.
> 
> What does it means ?

Spliced connection. No HTTP handling occured.

The TLS logics do not yet have proper processing tags defined yet. That
is still on the todo list.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users