git.ipfire.org Git - thirdparty/squid.git/commit

sslproxy_options in peek-and-splice mode

Problem description:
  - Squid sslproxy_options deny the use of TLSv1_2 SSL protocol:
     sslproxy_options NO_TLSv1_2
  - Squid uses peek mode for bumped connections.
  - Web client sends an TLSv1_2 hello message and squid in peek mode, forwards
    the client hello message to server
  - Web server respond with an TLSv1_2 hello message
  - Squid while parsing server hello message aborts with an error because
    sslproxy_options deny the use ot TLSv1_2 protocol.

This patch fixes squid to ignore sslproxy_options when peek or stare bumping
mode selected on bumpStep2 bumping step.
The sslproxy_options applied if bump (server-first or client-first) mode
selected on bumpStep1 or bumpStep2 bumping step.
Also applied for "GET https://..." requests.

This is a Measurement Factory project

author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Sun, 15 Feb 2015 19:42:55 +0000 (21:42 +0200)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Sun, 15 Feb 2015 19:42:55 +0000 (21:42 +0200)
commit	f233022a5bb276d66eaa913a80374468db578fdd
tree	c0afa7c33969aafac6fb8296f880ddaddc8c1e5d	tree \| snapshot
parent	03336c670efbe4af6b55a776c7a670d89d34cc3a	commit \| diff

src/SquidConfig.h		diff \| blob \| blame \| history
src/cache_cf.cc		diff \| blob \| blame \| history
src/ssl/PeerConnector.cc		diff \| blob \| blame \| history