[squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.
Amos Jeffries
squid3 at treenet.co.nz
Mon Jul 6 12:06:06 UTC 2015
On 6/07/2015 9:30 p.m., adam900710 wrote:
>
> Here is some of my experiments:
> 1) Remove "never_direct"
> Then ssl_bump works as expected, but all traffic doesn't goes through
> the SOCKS5 proxy. So a lot of sites I can't access.
>
> 2) Use local 8118 proxy
> That works fine without any problem, but SSL_dump is needed...
> So just prove privoxy are working.
>
> Any clue?
> Also, If I disable "ssl_bump" at http_port line, squid works without
> any problem just as a forwarder.
> But that makes no sense anyway.
Makes perfect sense. Would you like anybody to be able to decrypt your
HTTPS traffic and send it as plain-text wherever they want?
Squid does not permit that. All inbound encrypted traffic must one way
or another leave upstream only by encrypted channels.
Amos
More information about the squid-users
mailing list