[squid-users] Is there a scalable way in SSL-Bump forwarding client's certificate to server?

Amos Jeffries squid3 at treenet.co.nz
Wed Dec 11 12:10:06 UTC 2019


On 11/12/19 6:48 pm, GeorgeShen wrote:
>> Yes, look for "client certificate" in your squid.conf.documented.
> 
> OK. For the 'clientca=' and 'tls-cafile=', is the purpose for the proxy to
> verify the client cert against this list before allowing the connection to go
> further? Or can it use those client certificates for other things as well?

There is no "or" about it. Both.

Any client certificate given must verify.

Valid client certificates can be used for things other than verification.


> 
> Also, the TLS 1.2 RFC says the client sends a certificate only if the server
> asks for it; here that means the proxy. Does configuring 'clientca=' signal all
> clients to send their certificate if they have one?
> 

Yes. Exactly so.


Amos
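
The two roles discussed in this message (requesting and verifying a client certificate, then using a valid one for something else) can be seen together in a squid.conf fragment. This is an added example, not part of the original post or of the Squid documentation; it assumes Squid 4 option names, and every path, port, ACL name and CN value is a constructed placeholder.

```conf
# Added example. All paths, the port number, the ACL name and the CN values
# are placeholders constructed for illustration.

# clientca=   : CA list the proxy uses when requesting a client certificate;
#               setting it is what makes the proxy ask clients for one.
# tls-cafile= : CA certificates used to verify the certificate the client
#               presents. A certificate that does not verify is rejected.
https_port 3129 tls-cert=/etc/squid/proxy-cert.pem tls-key=/etc/squid/proxy-key.pem clientca=/etc/squid/client-issuers.pem tls-cafile=/etc/squid/client-trust.pem

# "Other things": once a certificate has verified, its attributes can drive
# access control. user_cert matches an attribute of the client certificate.
acl cert_known_user user_cert CN alice.example bob.example

http_access allow cert_known_user
http_access deny all
```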

