[squid-users] cache_peer to SSL/TLS proxy

Alex Rousskov rousskov at measurement-factory.com
Mon May 21 16:58:55 UTC 2018


On 05/21/2018 10:22 AM, Carlos Cesar Caballero Díaz wrote:

> Right now I am working against a squid proxy which is using SSL/TLS
> (encrypted browser-squid connection) and as you know there are a lot of
> applications that do not work with this kind of proxy configuration.
> On other occasions, I have been able to avoid some proxy issues
> installing a local squid and using cache_peer, so that my local squid
> handle the nasty parent configurations and my applications can work
> cleanly against the local instance. So, can I use cache_peer against a
> parent proxy which is using SSL/TLS for encrypted browser-squid
> connection? And if it is possible, how?

Do you want to configure your Squid proxy to use proxy B as a parent
when proxy B insists on all connections to it being encrypted? If yes,
please see the various cache_peer options that start with letters "tls"
and "ssl":

> 	==== SSL / HTTPS / TLS OPTIONS ====
> 	
> 	tls		Encrypt connections to this peer with TLS.
...


I have not tested the HTTPS parent setup discussed above, but it looks
like it should work in principle.

Please note that, AFAIK, Squid does not support HTTPS parents for many
SslBump configurations that require looking at TLS server Hello packets
-- there is currently no support for TLS inside TLS.

Alex.
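
Added example (not part of the original message, and not tested by its author): a squid.conf fragment for a local Squid 4.x instance that forwards to a TLS-only parent, using the "tls" cache_peer options the reply points to. The hostname, ports and CA file path are constructed placeholders; on Squid 3.5 most of these options are spelled with the "ssl" prefix instead (ssl, sslcafile=, ssldomain=).

```conf
# Added example; parent.example.net, port 3129 and the CA path are
# constructed placeholders, not values from the thread.

# Local applications speak plain HTTP proxy protocol to this instance only.
http_port 127.0.0.1:3128

# Parent that accepts proxy requests only over TLS.
#   tls               encrypt the connection to this peer
#   tls-cafile=       CA bundle used to verify the parent's certificate
#   tls-domain=       name the parent's certificate must carry
#   tls-min-version=  refuse protocol versions older than TLS 1.2
cache_peer parent.example.net parent 3129 0 no-query default tls tls-cafile=/etc/squid/parent-ca.pem tls-domain=parent.example.net tls-min-version=1.2

# Weak variant, shown for contrast and left commented out: with peer
# verification disabled, the local proxy cannot tell the real parent from
# any other host answering on that address.
# cache_peer parent.example.net parent 3129 0 no-query default tls tls-flags=DONT_VERIFY_PEER

# Forward every request through the parent; never contact origins directly.
never_direct allow all
```

Running `squid -k parse` against the file reports unknown or misspelled cache_peer options before the proxy is restarted.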

