On Tue, 2015-06-23 at 09:11 +0200, Klavs Klavsen wrote: > Hi James, > > Did you ever find an answer for this? > > James Lay wrote on 06/11/2015 02:16 AM: > > All, > > > > From the docs at: > > > > http://wiki.squid-cache.org/Features/SslPeekAndSplice > > > > *peek* > > > > > > step1, step2 > > > > > > Receive SNI and client certificate (step1), or server certificate > > (step2) while preserving the possibility of splicing the connection. > > Peeking at the server certificate usually precludes future bumping of > > the connection (see Limitations). This action is the focus of this project. > > > > > > *stare* > > > > > > step1, step2 > > > > > > Receive SNI and client certificate (step1), or server certificate > > (step2) while preserving the possibility of bumping the connection. > > Staring at the server certificate usually precludes future splicing of > > the connection. Currently, we are not aware of any work being done to > > support this action. > > > > > > > > I see a lot of: > > > > ssl_bump peek all > > > > Does this perform both step1 with SNI and client cert, AND server cert? > > Thank you. > > > > James > > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > > >
Hi Klavs, I did not. I can tell you in my testing that: ssl_bump peek step1 all ssl_bump peek step2 all versus ssl_bump peek all Did not give me the same results, so I'm going to assume a single statement only performs SNI lookup, but maybe someone else on the list has a better answer. James
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users