[squid-users] Proxy Chaining with ssl_bump

Christof Gerber christof.gerber1 at gmail.com
Wed Dec 5 12:03:14 UTC 2018


I have a squid 3.5 as forward proxy that does ssl_bump by default.
Some traffic I need to forward in addition to a second proxy by proxy
chaining. The following configuration works for HTTP traffic but not
with HTTPS. I found out through
https://www.spinics.net/lists/squid/msg84767.html that this is because
Squid 3.5 is not capable of doing ssl_bump + proxy chaining because
the first proxy in the chain won't send a CONNECT after ssl_bump was
performed. My question is:

1. Is this finding still up-to-date , saying that Squid 3.5 does not
support ssl_bump + proxy chaining. How is it for Squid 4?

squid.conf snippet doing proxy chaining:

ssl_bump bump group_default
acl forward_group dstdomain .dropbox.com
cache_peer forward.domain.com parent 8080 0 no-query default
cache_peer_access forward.domain.com allow forward_group
never_direct allow forward_group
never_direct deny all


-- 
Christof Gerber
Email: christof.gerber1 at gmail.com


More information about the squid-users mailing list