[squid-users] peek vs stare on step1
Alex Rousskov
rousskov at measurement-factory.com
Wed Mar 4 14:10:33 UTC 2026
On 2026-03-04 04:57, Anthony Pankov wrote:
> Tuesday, March 3, 2026, 5:02:30 PM, you wrote:
>
>> On 03.03.26 16:56, Anthony Pankov wrote:
>>> I wonder what action to choose for sslbump on step1.
>>>
>>> The documentation (https://wiki.squid-cache.org/Features/SslPeekAndSplice) says the same for both:
>>>
>>> "When a stare/peek rule matches during step1, Squid proceeds to step2 where it parses the TLS Client Hello and extracts SNI (if any)."
>
>> Alex answered my questions about peek/splice 4 years ago, here's link:
>> https://ml-archives.squid-cache.org/squid-users/2022-February/024589.html
> As far as I can understand, stare vs peek on step1 are differentiated
> by the default action (bump/splice) applied later when this action is
> not explicitly defined.
>
> I'm confused because the code contains many things in terms of
> clientFirst, serverFirst (for example const bool clientFirstBump = ),
> but in configuration they are deprecated and there is no clue how they
> relate to peek/stare. Also, there is a flag sslPeek but no flag
> sslStare, while sslPeek seems not related to peek/stare and means
> "internal ssl-bump request to get server cert".

Yes, SslBump code has lots of quality problems (and bugs). Hopefully,
you do not have to read or adjust it. And if you do, squid-users is not
the right place to discuss it.

> In conclusion my thought is that peek/stare on step1 are the same
> when every sslbump step is explicitly defined in configuration.

Those two step1 actions signal a different overall _intent_. When step2
has an explicit action, that signal is of lesser importance, but I
would not dismiss it completely because things can go wrong between
step1 and step2. If something goes wrong, Squid may have to rely on that
intent to decide whether to bump or splice while handling the problem.
Today, Squid may not work that way, but it may start doing that in the
future as we fix and polish the corresponding code/features.
Alex.