[squid-users] Squid ssl bump with upstream proxy

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 2 00:39:53 UTC 2016


On 2/03/2016 9:48 a.m., Baselsayeh wrote:
> Yuri Voinov wrote
> Aha, I'm stupid.
> 
>  Squid can't re-encrypt peer connections. You need to splice peered
> URLs before tunneling them into your peer.
> 
> 28.02.16 2:07, Baselsayeh wrote:
>>>> No
>>>> What I need is
>>>> Get ssl info from browser - squid - upstream proxy - internet
>>>> Using cache_peer
>>>> With ssl_bump
>>>> But for some reason the upstream proxy won't get the https requests
>>>> All I want is https -> sslbump -> upstream proxy via CONNECT request
> 
> The parent proxy doesn't support anything but a plain CONNECT method http and
> (s)
> 
> is it possible in squid?
> 
> config example?
> 

Squid can:

 A) relay CONNECT message from client to any upstream proxy.

 B) generate CONNECT message on arriving intercepted HTTPS and relay
that to upstream proxy *IF* (and only if) ssl_bump selects the 'splice'
action.

 C) relay https:// URLs to an upstream TLS proxy.


That is all at present.

Squid cannot (yet) generate CONNECT messages to try and fetch TLS
details via a non-TLS cache_peer. If you are able to sponsor that
enhancement work, patches are welcome, or sponsorship $$ to help pay
persons working on these things (Christos / measurement-factory) are
also welcome.

Amos
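
[Added example, not part of the original message and not a configuration posted by the Squid project: a squid.conf sketch of cases A and B above, where intercepted HTTPS is peeked at and then spliced so that Squid relays a CONNECT to a plain parent proxy. The peer hostname, ports and certificate path are placeholder assumptions.]

```conf
# Constructed example; hostnames, ports and paths are placeholders.

# Case A: explicit-proxy clients send CONNECT themselves; Squid relays it.
http_port 3128

# Case B: intercepted HTTPS (redirected here by the firewall/NAT rules).
# ssl-bump must be enabled on the port so the ssl_bump rules below apply.
https_port 3129 intercept ssl-bump cert=/etc/squid/PLACEHOLDER-ca.pem

# Peek at the TLS ClientHello (step 1), then splice everything.
# Splice means the TLS session is tunnelled untouched: nothing is
# decrypted, and Squid can hand the tunnel to the parent via CONNECT.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all

# Plain (non-TLS) parent proxy that only understands CONNECT.
cache_peer parent.example.net parent 8080 0 no-query default

# Send all traffic through the parent; never go direct to origin servers.
never_direct allow all
```

Replacing `splice` with `bump` in this layout is the case the message says Squid cannot (yet) do through a non-TLS cache_peer.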