On Tue, 2015-06-09 at 21:39 +0200, Klavs Klavsen wrote:
> Amos Jeffries wrote on 2015-06-09 17:10:
> [CUT]
> > You have to first configure ssl_bump in a way that lets Squid receive
> > the clientHello message (step1 -> peek) AND the serverHello message
> > (step2 -> peek). Then you can use those cert details to bump (step3 ->
> > bump).
> > The config is quite simple:
> > ssl_bump peek all
> > ssl_bump bump all
> >
> I have this:
> ssl_bump peek step1 broken
> ssl_bump peek step2 broken
> ssl_bump splice broken
> ssl_bump peek step1 all
> ssl_bump peek step2 all
> ssl_bump bump all
>
> >
> > But there are cases like the client is resuming a previous TLS session
> > where there is no certificates involved. Squid cannot do anything, so it
> > automatically splices (3.5.4+ at least do). Or if you have configured
> > your Squid in a way that there are no mutually supported ciphers.
> >
>
> My client is curl.. I don't think that it's caching any TLS sessions.
>
> >
> > It may just be your ssl_bump rules. But given that this is a google
> > domain there is a strong chance that you are encountering one of those
> > special case.
> >
> I'd like squid to disallow queries where it cannot see what domain name
> / url is going to be accessed.
>
> I'd like all GET/POST etc. requests to go through squid - so they are
> controlled by the normal http_access rules as http (intercepted) is
> currently.
>
> This worked with 3.4.12 :( (but only for 30 minutes or less)
>
> You saw my full config.. how is it supposed to look with 3.5.5, for this
> to work as it did with 3.4.12 ?
>
> sorry I'm a bit frustrated.. I can't seem to grasp what changed from
> 3.4.12 to 3.5.5, which means I suddenly can't filter https traffic
> anymore :(
>
Gents,

I'm going to spin this off into a new thread..."Filtering http and https traffic" sometime later today. I have some questions, and maybe solutions.

James