[squid-users] Is there any way to cache or forward https requests to an http proxy using Squid?
Alex Rousskov
rousskov at measurement-factory.com
Thu Sep 20 19:47:16 UTC 2018
On 09/20/2018 12:36 PM, Brett wrote:
> I currently have squid setup to use a self-signed certificate for MITM to
> cache HTTPS requests. This works. [...]
> Is there a way I can configure squid so I can specify
> it as a proxy for an https request and then have it act as a cache or
> forward to an HTTP proxy (that supports CONNECT)?
AFAICT, you are asking about the missing "SslBump with cache_peer"
feature, which was covered in several recent threads, including this email:
http://lists.squid-cache.org/pipermail/squid-users/2018-July/018653.html
> ssl_bump peek step1
> ssl_bump bump all
This configuration bumps everything at step2.
> If I change the ssl_bump directives above to the following:
> ssl_bump stare step2
> ssl_bump bump step3
This (misleading!) configuration should splice everything at step1. In
other words, it should be equivalent to this (clear) configuration:
ssl_bump splice all
or a disabled SslBump. According to your tests, that is exactly what
happens (and the lack of non-trivial SslBump involvement probably
explains why peering works in this corner case).
If you need more information about the equivalence of the last two
configurations, please consider studying the following wiki page and a
related recent email thread:
* https://wiki.squid-cache.org/Features/SslPeekAndSplice
*
http://lists.squid-cache.org/pipermail/squid-users/2018-September/019162.html
HTH,
Alex.
More information about the squid-users
mailing list