[squid-users] internet squid with https and just for domain resolution not for caching or so

Alex Rousskov rousskov at measurement-factory.com
Fri Aug 31 16:57:44 UTC 2018


On 08/31/2018 09:44 AM, --Ahmad-- wrote:

> if I want to enable squid into intercept/transparent or transparent
> TCP_connect
> 
> I don't want to decrypt the message
> 
> all what I need say client requested google.com

Extracting intended domain name information is usually possible today by
examining TLS SNI values.

However, the few folks controlling most of the world's HTTPS traffic are
working on making domain name information unavailable to (or at least
essentially unusable by) proxies. Thus, I would not expect SNI-based
logic to work long-term.

Alex.

