[squid-users] missing SNI support in squid makes trouble with sslbump

From: Dieter Bloms <squid_at_bloms.de>
Date: Fri, 27 Jun 2014 15:44:02 +0200


I use squid 3.4.5 and sslbump works great for the most big sites like
google and facebook ....

There are some destinations, which share there ip with other virual
webserver, so the client gets a default certificate from the server with a
wrong CN. With SNI the client get the right certificate with the correct
I configured "ssl_bump server-first all", but to me it looks like squid
doesn't do SNI and so gets the wrong certificate.

Does anybody know a workaround for this problem ?

I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
Received on Fri Jun 27 2014 - 13:44:06 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 27 2014 - 12:00:05 MDT