Re: filtering HTTPS/CONNECT (summary and continuation of discussion)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 17 Mar 2012 14:00:34 +1300

On 17/03/2012 1:39 p.m., Marcus Kool wrote:
>
> Alex Rousskov wrote:
>> On 03/16/2012 03:05 PM, Marcus Kool wrote:
>>
>>> The new sslBump flow could be something like this:
>>>
>>> A) open socket to server. If error, close socket to client.
>>
>> If there is an error, bump-ssl-server-first returns an error to the
>> client, after establishing a secure connection with it. Closing the
>> connection can sometimes be a good option as well, of course.
>
> Yeah, this depends on the error. When Squid cannot make a connection
> to the server, it could simple close the socket to the client.
> Just an idea. But doing a full handshake with a client and given
> a user-friendly error message is very nice.
>

It seems you may need to grab a new copy of the langpack templates from
Squid. The latest batch use %D for more detailed SSL errors.

Amos
Received on Sat Mar 17 2012 - 01:00:45 MDT

This archive was generated by hypermail 2.2.0 : Sat Mar 17 2012 - 12:00:10 MDT