[squid-users] Squid ssl bump with upstream proxy
Amos Jeffries
squid3 at treenet.co.nz
Wed Mar 2 00:39:53 UTC 2016
On 2/03/2016 9:48 a.m., Baselsayeh wrote:
> Yuri Voinov wrote
> Aha, I'm stupid.
>
> Squid can't re-crypt peer connections. You need to splice peered
> URLs before tunnelling them into your peer.
>
> 28.02.16 2:07, Baselsayeh wrote:
>>>> No
>>>> What I need is
>>>> Get ssl info from browser - squid - upstream proxy - internet
>>>> Using cache_peer
>>>> With ssl_bump
>>>> But for some reason the upstream proxy won't get the https requests
>>>> All I want is https -> sslbump -> upstream proxy via CONNECT request
>>>>
>>>>
>>
>>
>
> the parent proxy doesn't support anything but a plain Connect method http and (s)
>
> is it possible in squid?
>
> config example?
>

Squid can:

A) relay CONNECT message from client to any upstream proxy.

B) generate CONNECT message on arriving intercepted HTTPS and relay
that to upstream proxy *IF* (and only if) ssl_bump selects the 'splice'
action.

C) relay https:// URLs to an upstream TLS proxy.

That is all at present.

Squid cannot (yet) generate CONNECT messages to try and fetch TLS
details via a non-TLS cache_peer. If you are able to sponsor that
enhancement work patches are welcome, or sponsorship $$ to help pay
persons working on these things (Christos / measurement-factory) are
also welcome.

Amos
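
A configuration sketch for cases A and B in the reply above, added here as an illustration and not taken from the original message or from the Squid project. It assumes a Squid 3.5 build with OpenSSL support; the ports, the peer address 192.0.2.10 and the certificate path are placeholders.

```squidconf
# Constructed example, Squid 3.5 directive syntax assumed.
# Ports, peer address and certificate path are placeholders.

# Case A: explicit proxy port. No ssl-bump here, so a client's
# CONNECT request is relayed to the parent unchanged.
http_port 3128

# Case B: intercepted HTTPS. The ssl-bump flag is needed so Squid can
# look at the TLS ClientHello; nothing is decrypted by the rules below.
# The PEM file holds both the certificate and its private key.
https_port 3129 intercept ssl-bump cert=/etc/squid/placeholder-ca.pem

# Peek at step 1 to learn the server name, then splice every
# connection. With splice, Squid generates a CONNECT for the
# intercepted connection and passes the TLS bytes through untouched.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice all

# Plain (non-TLS) parent proxy that accepts CONNECT.
cache_peer 192.0.2.10 parent 3128 0 no-query no-digest default

# Never go direct: all traffic must leave through the parent.
never_direct allow all
```

Because every connection is spliced, Squid cannot inspect or cache the HTTPS content on this path. A rule that selects bump instead of splice falls under the limitation described in the reply for a non-TLS cache_peer.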