On 5/12/2015 3:32 a.m., Tom Tom wrote: > Hi Amos > > The configuration you provided above works also fine. Thank you. Which > configuration is generally proposed or "the way to go"?: The one, > which terminates SSL-Blacklists with "ssl_bump terminate" or the other > which denies https-Blacklist with "http_access deny"? Are there some > speed-/security...-considerations?
terminate is the correct way to go if you are rejecting based on just the TLS details. Squid may decrypt, but will only do the absolute minimum necessary to get the error back to the client. Not getting involved with the clients HTTPS data is a good idea. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
