(no subject)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

(no subject)

赵 俊

 >> When I access SVN ,I want to bump SVN connection.

>> My squid.conf :
>> 
>> acl ssl_step1 at_step SslBump1
>>acl ssl_step2 at_step SslBump2
>> acl ssl_step3 at_step SslBump3
>> 
>> ssl_bump stare ssl_step1
>> ssl_bump bump ssl_step2
>>ssl_bump terminate ssl_step3
>>
>> May  i  solve this problem,if I go to the official certification  
>> organization certificating myCA ?




>The second problem is that you are bumping at SSL-Bump step #2 before 
> any of the real server details are available to Squid.

I want to know which step to bump and which action at SSL-Bump step#1?






_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: (no subject)

Amos Jeffries
Administrator
On 13/12/17 21:19, 赵 俊 wrote:

>>>  When I access SVN ,I want to bump SVN connection.
>
>>> My squid.conf :
>>>
>>> acl ssl_step1 at_step SslBump1
>>>acl ssl_step2 at_step SslBump2
>>> acl ssl_step3 at_step SslBump3
>>>
>>> ssl_bump stare ssl_step1
>>> ssl_bump bump ssl_step2
>>>ssl_bump terminate ssl_step3
>>>
>>> May  i  solve this problem,if I go to the official certification  
>>> organization certificating myCA ?
>
>
>
>
>>The second problem is that you are bumping at SSL-Bump  step #2 before
>> any of the real server details are available to Squid.
>
> I want to know which step to bump and which action at SSL-Bump step#1?
>
>

To avoid problems you need mimic to happen. So bump at step 3. Stare at
step 2. Step 1 can be a peek or stare at you choice.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: (no subject)

Alex Rousskov
On 12/13/2017 11:35 AM, Amos Jeffries wrote:
> Step 1 can be a peek or stare at you choice.

... and that choice will determine whether Squid bumps or splices the
connections at step2 in the unlikely event no ssl_bump rules match
during step2. It is best to avoid such situations, of course.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users