[squid-users] for people who suffer from https ssl pump and not interested with caching it

Alex Rousskov rousskov at measurement-factory.com
Tue Dec 6 21:58:44 UTC 2016


On 12/06/2016 02:43 PM, --Ahmad-- wrote:

> I always see many people suffer from problems of https pump with some websites,
> and at the same time I see that they are not interested in caching of https.
> So all they need is to just let HTTP & HTTPS be transparent.
> 
> So I just want to share about the "redsocks" tool and using it to catch up https and forward it to another squid server using the "TCP_connect" METHOD.
> 
> You can use redsocks and from redsocks forward it to squid again using "tcp_connect".

If using an external TCP CONNECT wrapper is better than using "ssl_bump
splice all" Squid configuration, then there is some Squid bug that we
need to fix because "ssl_bump splice all" is supposed to generate the
same TCP CONNECT internally, without any wrappers.

AFAIK, most SslBump problems in modern Squids are related to cases where
folks want [a lot] more than just blindly tunnel (and log) all
intercepted HTTPS connections. Many do not care about caching indeed,
but most care about the details of what is being proxied.


Alex.


