[squid-users] Is there any way to cache or forward https requests to an http proxy using Squid?

Brett Anderson brett.anderson.ftw at gmail.com
Fri Sep 21 21:00:15 UTC 2018


Thanks again Alex,

For anyone else trying to solve this issue, here's a repo I created which
sets everything up in Docker to allow ssl_bump and cache_peer to work.
https://github.com/brett--anderson/squid_proxy

On Fri, Sep 21, 2018 at 7:53 AM Alex Rousskov <rousskov at measurement-factory.com> wrote:

> On 09/20/2018 03:26 PM, Brett Anderson wrote:
> > Should I build from the master or a more recent branch?
>
> IIRC, the unofficial branch you are using is the only branch containing
> "SslBump with cache_peer" feature today. We are working on submitting
> that code for the official review. Please note that any unofficial code
> comes with additional risks and is not eligible for the official Squid
> Project support.
>
> Alex.
>
>
>
> > On Thu, Sep 20, 2018 at 12:47 PM Alex Rousskov wrote:
> >
> >     On 09/20/2018 12:36 PM, Brett wrote:
> >     > I currently have squid set up to use a self-signed certificate for MITM to
> >     > cache HTTPS requests. This works. [...]
> >
> >     > Is there a way I can configure squid so I can specify
> >     > it as a proxy for an https request and then have it act as a cache or
> >     > forward to an HTTP proxy (that supports CONNECT)?
> >
> >     AFAICT, you are asking about the missing "SslBump with cache_peer"
> >     feature, which was covered in several recent threads, including this
> >     email:
> >
> >
> >     http://lists.squid-cache.org/pipermail/squid-users/2018-July/018653.html
> >
> >
> >     > ssl_bump peek step1
> >     > ssl_bump bump all
> >
> >     This configuration bumps everything at step2.
> >
> >
> >     > If I change the ssl_bump directives above to the following:
> >
> >     > ssl_bump stare step2
> >     > ssl_bump bump step3
> >
> >     This (misleading!) configuration should splice everything at step1. In
> >     other words, it should be equivalent to this (clear) configuration:
> >
> >       ssl_bump splice all
> >
> >     or a disabled SslBump. According to your tests, that is exactly what
> >     happens (and the lack of non-trivial SslBump involvement probably
> >     explains why peering works in this corner case).
> >
> >
> >     If you need more information about the equivalence of the last two
> >     configurations, please consider studying the following wiki page and a
> >     related recent email thread:
> >
> >     * https://wiki.squid-cache.org/Features/SslPeekAndSplice
> >     * http://lists.squid-cache.org/pipermail/squid-users/2018-September/019162.html
> >
> >
> >     HTH,
> >
> >     Alex.
> >
>
>
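
Added example (not part of the original messages and not Squid code): a simplified Python model of per-step ssl_bump rule evaluation that reproduces the two outcomes described in the thread, bump at step2 for the first configuration and splice at step1 for the second. The names evaluate, possible and step are hypothetical; the no-match defaults and step3 limits are assumptions taken from the SslPeekAndSplice wiki page linked above, and only step conditions are modelled as ACLs.

```python
# Simplified model of per-step ssl_bump evaluation (illustration, not Squid code).
# A rule is (action, acl); here an acl is just a predicate over the step number.
FINAL = {"splice", "bump", "terminate"}
ALL = lambda s: True

def step(n):
    return lambda s: s == n

def possible(action, s, prev):
    """Assumed step3 limits: no peek/stare; bump needs a prior stare,
    splice needs a prior peek. Every action is possible at step1 and step2."""
    if s < 3 or action == "terminate":
        return True
    return (action, prev) in {("bump", "stare"), ("splice", "peek")}

def evaluate(rules):
    """Return (final_action, step_number) for one connection."""
    prev = None
    for s in (1, 2, 3):
        chosen = next((a for a, acl in rules
                       if acl(s) and possible(a, s, prev)), None)
        if chosen is None:
            # Assumed default when no rule matches: splice, or bump after a stare.
            chosen = "bump" if prev == "stare" else "splice"
        if chosen in FINAL:
            return chosen, s
        prev = chosen  # peek or stare: carry on to the next step

# The configurations discussed in the thread.
PEEK_THEN_BUMP = [("peek", step(1)), ("bump", ALL)]
STARE2_BUMP3 = [("stare", step(2)), ("bump", step(3))]
SPLICE_ALL = [("splice", ALL)]
# Constructed variant (not from the thread) with a rule that matches at step1.
PEEK_STARE_BUMP = [("peek", step(1)), ("stare", step(2)), ("bump", step(3))]

if __name__ == "__main__":
    for name in ("PEEK_THEN_BUMP", "STARE2_BUMP3", "SPLICE_ALL", "PEEK_STARE_BUMP"):
        print(name, evaluate(globals()[name]))
```

In the model, STARE2_BUMP3 never reaches its stare rule because nothing matches at step1, so the connection is spliced before step2 is evaluated.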