[squid-users] Squid ssl bump with upstream proxy

Baselsayeh Basel.sayeh at hotmail.com
Wed Mar 2 02:02:33 UTC 2016


My proxy supports connecting to https website by using
(Connect Website:443) (as if normal proxy in browser sittings)
The problem is that the proxy dosent support tunnels
Can you give me a config example
A  isnt my option because I use intercepter https port


Amos Jeffries wrote
> On 2/03/2016 9:48 a.m., Baselsayeh wrote:
>> Yuri Voinov wrote
>> Aha, I'm stupid.
>> 
>>  Squid can't re-crypted peer connections. You need to splice peered
>> URL's before tunnel it into your peer.
>> 
>> 28.02.16 2:07, Baselsayeh пишет:
>>>>> No
>>>>> What I need i need is
>>>>> Get ssl info from browser - squid - upstream proxy - internet
>>>>> Using cache_peer
>>>>> With ssl_bump
>>>>> But for some reason the upstream proxy wont get the https requests
>>>>> All I want is https -> sslbump -> upstream proxy via CONNECT request
>>>>>
>>>>>
>>>
>>>
>>> 0x613DEC46.asc (2K)
>>> <http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676286/0/0x613DEC46.asc>
>> 
>> the parent proxy dont support anything but a plain Connect method http
>> and
>> (s)
>> 
>> is it possible in squid?
>> 
>> config example?
>> 
> 
> Squid can:
> 
>  A) relay CONNECT message from client to any upstream proxy.
> 
>  B) generate CONNECT message on arriving intercepted HTTPS and relay
> that to upstream proxy *IF* (and only if) ssl_bump selects the 'splice'
> action.
> 
>  C) relay https:// URLs to an upstream TLS proxy.
> 
> 
> That is all at present.
> 
> Squid cannot (yet) generate CONNECT messages to try and fetch TLS
> details via a non-TLS cache_peer. If you are able to sponsor that
> enhancement work patches are welcome, or sponsorship $$ to help pay
> persons working on these things (Christos / measurement-factory) are
> also welcome.
> 
> Amos
> _______________________________________________
> squid-users mailing list

> squid-users at .squid-cache

> http://lists.squid-cache.org/listinfo/squid-users





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-ssl-bump-with-upstream-proxy-tp4676279p4676369.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list