[squid-users] cache_peer and ssl
squid3 at treenet.co.nz
Sun Oct 6 04:45:17 UTC 2019
On 6/10/19 12:27 pm, joseph wrote:
> dose squid send to cache peer ssl after ssl_bump clear link or ?
What is "ssl_bump clear link" ?
ssl_bump is used only when TLS bytes are expected from the client.
cache_peer is used whenever a server connection is made, except when
always_direct prevents it.
Squid-4 and older requires the peer to use encrypted connections when
the traffic delivered there has been *decrypted* by Squid. So that the
security is not compromised. Squid-5 allows CONNECT tunnels to be
generated, so can re-encrypt over a non-secure peer.
> how ssl work between squid and peer ? do i need keys
The same way TLS/SSL works between any software. Keys being needed, and
which type depend on the TLS features used.
More information about the squid-users