[squid-users] SSL Bump differences at various steps
Amos Jeffries
squid3 at treenet.co.nz
Sat Mar 14 03:22:20 UTC 2026
On 14/03/2026 02:22, Andrey K wrote:
> Hello, Amos,
>
> Thank you for the comments.
> I double-checked the results (I have squid-6.10).
>
> The configurations:
> ssl_bump *stare *step1
> ssl_bump stare step2
> ssl_bump bump step3
> and
> ssl_bump *peek *step1
> ssl_bump stare step2
> ssl_bump bump step3
> produce the same result - during TLS handshake with the Server,
> the Proxy uses the ciphersuite received from the original Client.
>
Great. Thank you for the confirmation.
Bug in the "stare" case handling of SslBump2 protocol stage. Failure to
filter the ciphers etc. sent to the server down to the union set of what
client & squid are both capable of supporting.
At least for Squid v6.
I am not sure when/if anyone will be able to fix this.
Cheers
Amos
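
The behaviour reported in this thread can be checked from a packet capture by comparing the ClientHello the client sends to the proxy with the ClientHello the proxy sends to the server. The following is an added example, not part of the original message and not Squid code; it assumes each ClientHello fits in one TLS record, and PROXY_SUPPORTED, the sample hellos and all function names are constructed for illustration.

```python
import struct

def client_hello_ciphers(record: bytes) -> list[int]:
    """Cipher suite IDs offered in a ClientHello held in one TLS record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # skip session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", record[pos:pos + n])]

def is_signalling(suite: int) -> bool:
    """GREASE values (RFC 8701) and SCSVs are not real cipher suites."""
    grease = (suite & 0x0F0F) == 0x0A0A and (suite >> 8) == (suite & 0xFF)
    return grease or suite in (0x00FF, 0x5600)

def audit(client_hello: bytes, proxy_hello: bytes, proxy_supported: set) -> dict:
    """Compare what the client offered with what the proxy sent upstream."""
    offered = [c for c in client_hello_ciphers(client_hello) if not is_signalling(c)]
    sent = [c for c in client_hello_ciphers(proxy_hello) if not is_signalling(c)]
    return {
        "copied_from_client": sent == offered,
        "outside_proxy_set": [c for c in sent if c not in proxy_supported],
    }

def build_hello(suites: list) -> bytes:
    """Constructed sample input: a minimal ClientHello without extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"             # version, random, no session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed values: suites the proxy's TLS library is assumed to support.
PROXY_SUPPORTED = {0x1301, 0x1302, 0xC02F, 0xC030}
# Constructed client offer: GREASE, two modern suites, 3DES and RC4.
CLIENT = build_hello([0x0A0A, 0x1301, 0xC02F, 0x000A, 0x0005])
UNFILTERED = build_hello([0x1301, 0xC02F, 0x000A, 0x0005])  # client list passed on
FILTERED = build_hello([0x1301, 0xC02F])                    # only suites both sides have

if __name__ == "__main__":
    print("unfiltered:", audit(CLIENT, UNFILTERED, PROXY_SUPPORTED))
    print("filtered:  ", audit(CLIENT, FILTERED, PROXY_SUPPORTED))
```

A non-empty "outside_proxy_set" means the proxy offered the server suites that are not in the set given as its own.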