On 10/29/21 8:37 PM, Amos Jeffries wrote:
> On 30/10/21 11:09, Alex Rousskov wrote:
>> On 10/26/21 5:46 PM, k...@sudo-i.net wrote:
>>
>>> - Squid enforces the Client to use SNI
>>> - Squid lookup IP for SNI (DNS resolution).
>>> - Squid forces the client to go to the resolved IP
>>
>> AFAICT, the
On 30/10/21 11:09, Alex Rousskov wrote:
On 10/26/21 5:46 PM, k...@sudo-i.net wrote:
- Squid enforces the Client to use SNI
- Squid lookup IP for SNI (DNS resolution).
- Squid forces the client to go to the resolved IP
AFAICT, the above strategy is in conflict with the "SECURITY NOTE"
On 10/26/21 5:46 PM, k...@sudo-i.net wrote:
> - Squid enforces the Client to use SNI
> - Squid lookup IP for SNI (DNS resolution).
> - Squid forces the client to go to the resolved IP
AFAICT, the above strategy is in conflict with the "SECURITY NOTE"
paragraph in host_verify_strict
On 10/29/21 9:57 AM, Steve Hill wrote:
> Ok, I've gone back and looked over my old debug logs. It appears what
> was actually happening was:
>
> - Client sends "CONNECT www.google.com:443".
> - Connection with TLS made to forcesafesearch.google.com.
> - Client sends "GET / HTTP/1.1\r\nHost: