[squid-users] Can I use squid to reverse proxy https (without making it a man-in-the-middle)?

Stefan Blachmann sblachmann at gmail.com
Thu May 4 04:55:01 UTC 2017

I am using squid 3.5.23 for no-caching reverse proxying http to
backend web servers.
I want to do the same with https.

If I try to make cache_peer, acl, http_access and cache_peer_access
for port 443 in addition to port 80, the connection attempt fails with
the browser complaining about error code: SSL_ERROR_RX_RECORD_TOO_LONG.
In the squid access log there is then a complaint about "invalid request".

Is there a way to configure squid to just pass through https traffic
to https backends? Just like it does with http?
That is, _without_ needing to give squid access to the certificates and keys?

(I ask because all instructions I found on the web are
privacy-breaking, decrypting MITM interception instructions. And I do
_not_ want to do it this way!)

