[squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

maple maple.feng.wang at hotmail.com
Thu Nov 5 11:30:47 UTC 2015


Hi Amos,

So, if I understand it right, it's impossible to do ssl-bump even if I use
proxychains to chain squid with my parent proxy without using
cache_peer (because I have confirmed that ssl-bump+cache_peer will not work
in squid), am I right?

I just wonder how admin900710 made things work by using squid+proxychains,
since he/she seems to claim to have done it, if I understand right.

About your second answer: sorry, I'm not sure I understand it, so I describe
my environment here again:

client <---https---> gateway with iptables + squid <---proxychains---> proxy
mapping port <---ssh tunnel---> http proxy + me <--http/https--> internet

As you see, the client and gateway are both located in the internal network.
There is no NAT device to let the int-net reach the http proxy outside, so I
set up an ssh reverse tunnel to map the http proxy into the int-net (it acts
like NAT doing port mapping, but all traffic is carried over the ssh tunnel).

I can use proxychains to chain tools like yum/apt or other command-line
tools in the int-net with my http proxy, but I need to run automatic scripts
or install some complex systems in my int-net which sometimes require a proxy
and sometimes not. It's hard to do proxy settings on the client side, so a
transparent proxy seems a suitable way, so squid is introduced, but it must
handle https (ssl-bump) and use a parent http proxy; how to do both at the
same time? squid apparently does not support it, so I want to let squid just
play the transparent proxy role with ssl-bump, and use proxychains to connect
it to upstream.

I tried several ways to integrate them, but it looks like squid just does not
forward its traffic to the upstream proxy which proxychains designates, so as
I ask above, is it possible to let squid forward traffic to another proxy by
using proxychains?

Best regards.  



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-with-cache-peer-problem-Handshake-fail-after-Client-Hello-tp4672064p4674393.html
Sent from the Squid - Users mailing list archive at Nabble.com.