[squid-users] Help troubleshooting proxy<-->client https

Masha Lifshin mlifshin at phantomdesign.com
Fri Jun 2 22:27:58 UTC 2017


Thank you very much Amos and Alex for the helpful explanations, high level
of detail, and for tracking down that this combo is not possible at this
time.

We're going to evaluate what to do next with this info.  I'll probably be
following up with more questions soon.
-M

On Fri, Jun 2, 2017 at 9:05 AM, Alex Rousskov <rousskov at measurement-factory.
com> wrote:

> On 06/01/2017 01:26 PM, Alex Rousskov wrote:
> > On 06/01/2017 11:29 AM, Alex Rousskov wrote:
>
> > * HTTPS proxy is a rarely used feature that works well for some.
> > * SslBump is a frequently used feature that works well enough for some.
>
> > Disclaimer: I do not know of anybody using the _combination_ of the
> > above two features, and I do not recall whether such a combination is
> > already supported. Please post once you figure it out.
>
> I just confirmed that Squid does _not_ support the above combination. An
> https_port with an ssl-bump option requires either "tproxy" or
> "intercept" mode, which are both incompatible with HTTPS proxy mode.
> Until the above combination is supported, you have to pick between using
> HTTPS proxy and using SslBump.
>
> http://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a
> _new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
> Alex.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170602/a061ceeb/attachment.html>


More information about the squid-users mailing list