[squid-users] how to configure squid to check server certificate?

Amos Jeffries squid3 at treenet.co.nz
Fri Mar 13 07:44:13 UTC 2020


On 13/03/20 12:44 pm, GeorgeShen wrote:
> 
> Understood. Not altering the bytes. My question is simple:
> if using squid to do splicing proxy action of https sessions, is there a
> squid configuration to block/drop the session if the remote server's
> certificate is signed by an 'untrusted' CA?


You should be able to do something like this:

 ssl_bump peek all
 ssl_bump terminate ssl::certUntrusted
 ssl_bump splice all

I have not tried that myself, so not sure if it would terminate on
client certs.


Amos

