[squid-users] squid-users Digest, Vol 27, Issue 4

Patrick Flaherty vze2k3sa at verizon.net
Wed Nov 2 12:06:08 UTC 2016

Message: 5
Date: Wed, 2 Nov 2016 13:09:20 +1300
From: Amos Jeffries <squid3 at treenet.co.nz>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Can Squid communicate http to clients
	connecting to https sites?
Message-ID: <ee0bea25-6a0b-0090-f23f-05bc8d51edb2 at treenet.co.nz>
Content-Type: text/plain; charset=utf-8

On 2/11/2016 12:55 p.m., vze2k3sa wrote:
> Hi,
> I have a question around have Squid which is configured to handle all 
> company traffic to and from the web. When connecting to an SSL 
> website, HTTP Connect is used. Can Squid be configured so all the 
> inbound SSL traffic is SSL decrypted and send back to clients as clear text http traffic?

>The CONNECT message *is* clear-text HTTP. So already it is doing what you asked. But I think what you want is not want you are asking for.

>Squid supports receiving requests for https:// URLs from clients on regular TCP connections and will perform the HTTPS part for them.

>Squid also supports clients using TLS to connect to the proxy, then to pass it requests for https:// URLs. There is a sad lack of clients that support doing that though.

>If the client is performing TLS to the origin server, then no. You cannot reply with plain-text HTTP to them. Your only choice in that case is the SSL-Bump feature.


Thanks Amos for the reply. 

What I'm looking for is to send all client requests http and get replies back as http where I don't care if the internet site requires SSL or not. 

If a site does require SSL then can squid handles that where again the responses back to the client are http.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161102/44272940/attachment.html>

More information about the squid-users mailing list