[squid-users] multiple client certfifcates for ssl bumping
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 12 22:23:07 UTC 2016
On 13/01/2016 2:53 a.m., Alexei Mayanov wrote:
> Hello!
> I use Squid 3.5.12.
> For SSL bumping it is possible to specify client certificate and
> private key by 'sslproxy_client_certificate' and 'sslproxy_client_key'
No, that is not possible in any Squid at present. I am working slowly
towards supporting it for Squid-4 or maybe 5, but not quite there yet.
> Can I use 'cache_peer' directive for this?
Yes, cache_peer could be used as a workaround if there is a reasonably
small set of servers/certificates to use.
> If yes, can somebody present a short config example?
It looks something like this:
cache_peer ... name=S1 sslcert=X1 sslkey=Y1
acl foo1 ...
cache_peer_access S1 allow foo1
cache_peer ... name=S2 sslcert=X2 sslkey=Y2
acl foo2 ...
cache_peer_access S1 allow foo2
Amos
More information about the squid-users
mailing list