[squid-users] Is there any way to cache or forward https requests to an http proxy using Squid?

Alex Rousskov rousskov at measurement-factory.com
Thu Sep 20 19:47:16 UTC 2018

On 09/20/2018 12:36 PM, Brett wrote:
> I currently have squid setup to use a self-signed certificate for MITM to
> cache HTTPS requests. This works. [...]

> Is there a way I can configure squid so I can specify
> it as a proxy for an https request and then have it act as a cache or
> forward to an HTTP proxy (that supports CONNECT)?

AFAICT, you are asking about the missing "SslBump with cache_peer"
feature, which was covered in several recent threads, including this email:


> ssl_bump peek step1
> ssl_bump bump all

This configuration bumps everything at step2.

> If I change the ssl_bump directives above to the following:

> ssl_bump stare step2
> ssl_bump bump step3

This (misleading!) configuration should splice everything at step1. In
other words, it should be equivalent to this (clear) configuration:

  ssl_bump splice all

or a disabled SslBump. According to your tests, that is exactly what
happens (and the lack of non-trivial SslBump involvement probably
explains why peering works in this corner case).

If you need more information about the equivalence of the last two
configurations, please consider studying the following wiki page and a
related recent email thread:

* https://wiki.squid-cache.org/Features/SslPeekAndSplice



More information about the squid-users mailing list