[squid-users] for people who suffer from https ssl pump and not interested with caching it
--Ahmad--
ahmed.zaeem at netstream.ps
Wed Dec 7 14:53:20 UTC 2016
yes thats why i posted that and hope that it can help guys .
thanks
> On Dec 6, 2016, at 11:58 PM, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>
> On 12/06/2016 02:43 PM, --Ahmad-- wrote:
>
>> i always see many people suffer from problems of https pump with some websites .
>> and in the same time i see that they are not interested with caching of https .
>> so all what they need is they just let HTTP & HTTPS as transparent .
>>
>> so i just want to share about “redsocks” tool and using it to catch up https and forward it to other squid server using “TCP_connect “ METHOD .
>>
>> u can use redsocks and from redsocks forward it to squid again using “tcp_connect “
>
> If using an external TCP CONNECT wrapper is better than using "ssl_bump
> splice all" Squid configuration, then there is some Squid bug that we
> need to fix because "ssl_bump splice all" is supposed to generate the
> same TCP CONNECT internally, without any wrappers.
>
> AFAIK, most SslBump problems in modern Squids are related to cases where
> folks want [a lot] more than just blindly tunnel (and log) all
> intercepted HTTPS connections. Many do not care about caching indeed,
> but most care about the details of what is being proxied.
>
>
> Alex.
>
More information about the squid-users
mailing list