Re: [squid-users] dynamic ssl certificate generation - ip addresses

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 01 Nov 2013 17:07:41 -0600

On 11/01/2013 08:34 AM, Lennert Rienau wrote:
>> Because you use client-first bumping on intercepted traffic.
>> The only details Squid has at that point are the IP address and port the
>> clients was connecting to.
>>
>> You need server-first bumping to contact the server and find out what
>> domain(s) its certificate indicates.

> Thank you for your answer. When I change it to ssl-server-first mode
> this error appears: "FATAL: unknown ssl_bump mode:
> ssl-server-first".

It is "server-first" not "ssl-server-first". Please read
squid.conf.documented description of ssl_bump or
http://www.squid-cache.org/Doc/config/ssl_bump/

Thank you,

Alex.

> Should I apply this patch: http://www.squid-cache.org/mail-archive/squid-dev/201207/att-0144/BumpSslServerFirst-t11-Amos-requests-part.patch
> or is there another workaround? I run squid 3.3.9.
>
> Thanks!
>
Received on Fri Nov 01 2013 - 23:07:56 MDT
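
The change discussed in this thread, as an added squid.conf fragment that is not part of the original message or of the Squid project's documentation. The port number and certificate path are constructed placeholders, and the rest of the configuration (ACLs, certificate helper settings) is assumed to be in place already.

```conf
# Constructed example: port number and certificate path are placeholders.
# Intercepted HTTPS arrives on this port; Squid generates host certificates dynamically.
https_port 3129 intercept ssl-bump generate-host-certificates=on cert=/path/to/signing-ca.pem

# Before: with client-first bumping on intercepted traffic, Squid knows only
# the destination IP address and port when it has to generate the certificate.
# ssl_bump client-first all

# After: server-first contacts the origin server before answering the client,
# so Squid can learn which domain(s) the server's certificate indicates.
# The mode name is "server-first"; "ssl-server-first" fails with
# "FATAL: unknown ssl_bump mode".
ssl_bump server-first all
```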
