[squid-users] Can Squid communicate http to clients connecting to https sites?

Amos Jeffries squid3 at treenet.co.nz
Wed Nov 2 00:09:20 UTC 2016


On 2/11/2016 12:55 p.m., vze2k3sa wrote:
> Hi,
> 
> I have a question around have Squid which is configured to handle all
> company traffic to and from the web. When connecting to an SSL website, HTTP
> Connect is used. Can Squid be configured so all the inbound SSL traffic is
> SSL decrypted and send back to clients as clear text http traffic?


The CONNECT message *is* clear-text HTTP. So already it is doing what
you asked. But I think what you want is not want you are asking for.

Squid supports receiving requests for https:// URLs from clients on
regular TCP connections and will perform the HTTPS part for them.

Squid also supports clients using TLS to connect to the proxy, then to
pass it requests for https:// URLs. There is a sad lack of clients that
support doing that though.


If the client is performing TLS to the origin server, then no. You
cannot reply with plain-text HTTP to them. Your only choice in that case
is the SSL-Bump feature.

Amos



More information about the squid-users mailing list