On 27/10/2015 1:34 a.m., Jatin Bhasin wrote: > Hello, > > I am running squid 3.5.10 for bumping transparent SSL connections To > achieve this I am using following squid configuration for SSL Bumping. > > acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt" > ssl_bump peek step1 all > ssl_bump peek step2 nobumpSites > ssl_bump bump step3 nobumpSites > ssl_bump bump all > > > File "/etc/squid/allowed_SSL_sites.txt" contains www.facebook.com. > > On reading documentation I understood that I should see a Fake CONNECT > request for Facebook.com IP address as below: > > TAG_NONE/200 0 CONNECT 17.151.224.13:443 - ORIGINAL_DST/17.151.224.13 > > And at Step2 there should be a Fake CONNECT request for SNI > information extracted.
Only if SNI is actually sent by the client. It is not guaranteed to be sent. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
