[squid-users] cache_peer and ssl

Amos Jeffries squid3 at treenet.co.nz
Sun Oct 6 04:45:17 UTC 2019

On 6/10/19 12:27 pm, joseph wrote:
> dose squid send to cache peer   ssl  after ssl_bump  clear link or ?

What is "ssl_bump clear link" ?

ssl_bump is used only when TLS bytes are expected from the client.

cache_peer is used whenever a server connection is made, except when
always_direct prevents it.

Squid-4 and older requires the peer to use encrypted connections when
the traffic delivered there has been *decrypted* by Squid. So that the
security is not compromised. Squid-5 allows CONNECT tunnels to be
generated, so can re-encrypt over a non-secure peer.

> how ssl work between squid and peer ? do i need keys  

The same way TLS/SSL works between any software. Keys being needed, and
which type depend on the TLS features used.


More information about the squid-users mailing list