[squid-users] Is there any way to cache or forward https requests to an http proxy using Squid?

Alex Rousskov rousskov at measurement-factory.com
Fri Sep 21 14:53:02 UTC 2018


On 09/20/2018 03:26 PM, Brett Anderson wrote:
> Should I build from the master or a more recent branch?

IIRC, the unofficial branch you are using is the only branch containing
SslBump with cache_peer" feature today. We are working on submitting
that code for the official review. Please note that any unofficial code
comes with additional risks and is not eligible for the official Squid
Project support.

Alex.



> On Thu, Sep 20, 2018 at 12:47 PM Alex Rousskov wrote:
> 
>     On 09/20/2018 12:36 PM, Brett wrote:
>     > I currently have squid setup to use a self-signed certificate for
>     MITM to
>     > cache HTTPS requests. This works. [...]
> 
>     > Is there a way I can configure squid so I can specify
>     > it as a proxy for an https request and then have it act as a cache or
>     > forward to an HTTP proxy (that supports CONNECT)?
> 
>     AFAICT, you are asking about the missing "SslBump with cache_peer"
>     feature, which was covered in several recent threads, including this
>     email:
> 
>     http://lists.squid-cache.org/pipermail/squid-users/2018-July/018653.html
> 
> 
>     > ssl_bump peek step1
>     > ssl_bump bump all
> 
>     This configuration bumps everything at step2.
> 
> 
>     > If I change the ssl_bump directives above to the following:
> 
>     > ssl_bump stare step2
>     > ssl_bump bump step3
> 
>     This (misleading!) configuration should splice everything at step1. In
>     other words, it should be equivalent to this (clear) configuration:
> 
>       ssl_bump splice all
> 
>     or a disabled SslBump. According to your tests, that is exactly what
>     happens (and the lack of non-trivial SslBump involvement probably
>     explains why peering works in this corner case).
> 
> 
>     If you need more information about the equivalence of the last two
>     configurations, please consider studying the following wiki page and a
>     related recent email thread:
> 
>     * https://wiki.squid-cache.org/Features/SslPeekAndSplice
>     *
>     http://lists.squid-cache.org/pipermail/squid-users/2018-September/019162.html
> 
> 
>     HTH,
> 
>     Alex.
> 



More information about the squid-users mailing list