[squid-users] SSL termination problem - squid's requests using https
Sam Holden
sam.holden at steeprockinc.com
Tue Sep 17 18:07:42 UTC 2019
I'm converting a reasonably large configuration from squid v3 to squid
v4 and I'm having a problem with SSL termination. I'm clearly missing
something but I haven't been able to work out what. I'm using openssl
not gnutls.

Using the following:

    https_port 4277 accel defaultsite=<THE_BACKEND_SITE>
    cert=/etc/pki/tls/site.crt key=/etc/pki/tls/site.key
    options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE
    cipher=<A-GIANT-LIST-OF-CIPHERS>

sees https requests to port 4277 connect fine, but squid tries to
reach the backend using https as well which fails because it is
serving http only.

Using the following:

    https_port 4277 accel defaultsite=<THE_BACKEND_SITE>
    cert=/etc/pki/tls/site.crt key=/etc/pki/tls/site.key
    options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE
    cipher=<A-GIANT-LIST-OF-CIPHERS> protocol=http

sees port 4227 act as an http port (no ssl) but the requests to the
backend from squid are correctly made via http. (protocol=HTTP/1.1 has
the same effect).
Is there an option to have squid make HTTP requests on behalf of HTTPS
requests from clients?
--
Sam Holden