On 06/05/2015 04:47 PM, Amos Jeffries wrote:
Along these lines, I am wondering why we need to have ssl_bump peek
checked for in relation to client peeking. Can we make Squid simply do
that first 'peek' step always for all potential HTTPS connections ?
IIRC, the reasons we did not want to
In order to support PROXY protocol on HTTPS inbound traffic we will be
needing Squid to peek at the initial client connection bytes and
process the PROXY header.
There is no need for the decryption to enter into the picture and in
current trunk Squid the bytes can be relayed in the BIO buffer to