[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?
Amos Jeffries
squid3 at treenet.co.nz
Thu Sep 24 19:57:50 UTC 2015
On 25/09/2015 2:13 a.m., Yuri Voinov wrote:
>
> 24.09.15 7:12, Amos Jeffries пишет:
>> On 24/09/2015 2:04 a.m., Yuri Voinov wrote:
>>>
>>> Through assertion and then restarts squid:
>>>
>>> 2015/09/23 20:03:25 kid1| Validated 35899 Entries
>>> 2015/09/23 20:03:25 kid1| store_swap_size = 1730768.00 KB
>>> 2015/09/23 20:03:26 kid1| storeLateRelease: released 0 objects
>>> 2015/09/23 20:03:26 kid1| assertion failed: PeerConnector.cc:116:
>>> "peer->use_ssl"
>>> 2015/09/23 20:03:30 kid1| Set Current Directory to /var/cache/squid
>>> 2015/09/23 20:03:30 kid1| Starting Squid Cache version
>>> 3.5.7-20150808-r13884 for x86_64-unknown-cygwin...
>>> 2015/09/23 20:03:30 kid1| Service Name: squid
>>> 2015/09/23 20:03:30 kid1| Process ID 11160
>
>> There you go. The peering ACLs are working.
>
>> Now you need to fix the ssl_bump rules such that the torproject traffic
>> does not require bump/decrypt before sending over the insecure peer
>> connection. Squid does not support re-encrypt.
> Huh. It works. Thank your, Amos!
>
>
>> Please use 3.5.9 for that part.
> 3.5.9 does support re-encrypt?
No, but it has better ssl_bump processing and more SNI related
functonality that may allow you to avoid having to decrypt in the first
place.
Amos
More information about the squid-users
mailing list