> 
> Is it possible for squid to intercept and apply acl's to https without
> actually decrypting and generating certificates etc? The conversation would
> go something like:
> 

It actually almost works if I put a dummy cert on the https_port config line 
with ssl-bump, but then use none for ssl_bump. In order to parse the dstdomain, 
I assume squid must be getting the cert cn first, right? Unfortunately it seems 
to throw the details it gathered away after checking what bump to use as all I 
get in there is the destination IP. Logging %ssl::>cert_subject just shows "-".

James
