Bug #6527: Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #6527

closed

Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception

Added by Michael Epstein almost 8 years ago. Updated over 7 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Squid

Target version:

pfSense - 2.4.0

Start date:

06/23/2016

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Affected Version:

All

Affected Plus Version:

Affected Architecture:

Description

As described in the squid wiki, "ssl_bump server-first all" is deprecated in squid 3.5+

http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Squid_Configuration_File

For proper SNI detection you most use for example:

acl step1 at_step SslBump1

ssl_bump peek step1
ssl_bump bump all

I test this configuration in "Custom ACLS (Before Auth)" with Squid 3.5, transparent mode on and HTTPS/SSL Interception on and everything is working great. With "ssl_bump server-first all" SNI isn't working.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #6527

Squid 3.5 - Deprecated "ssl_bump server-first all" don't allow SNI in transparent mode with HTTPS/SSL Interception

Updated by Chris Buechler almost 8 years ago

Updated by Michael Epstein almost 8 years ago

Updated by Kill Bill over 7 years ago

Updated by Renato Botelho over 7 years ago

Updated by Jim Pingle over 7 years ago