[squid-users] squid 5.0.4 cache_peer bug on https outgoing

Alex Rousskov rousskov at measurement-factory.com
Sun Sep 27 22:48:40 UTC 2020


On 9/27/20 12:07 PM, sec wrote:

> http_port 3128 ssl-bump ...

> curl http://google.com -x https://admin:squid@localhost:3128 -v  -k

The above two lines do not match AFAICT: You tell curl to use an HTTPS
proxy, but you tell Squid to expect plain HTTP proxy requests.

Also, please note that if you fix the above problem by moving "https"
from "-x" to the origin server URL, then you will probably face another
problem:

curl https://google.com -x http://admin:squid@localhost:3128 -v  -k

> ssl_bump allow all

> cache_peer 127.0.0.1 parent 3129 0 ssl

Squid does not (yet) support "TLS inside TLS": Talking TLS with the
origin server through a cache_peer that also expects a TLS connection.


HTH,

Alex.
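Added example, not part of the original message and not Squid project code: a small Python check for the two conditions described in the reply, run against a constructed config modeled on the quoted lines. The function names and the finding strings are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample config, modeled on the lines quoted in the thread.
SAMPLE_CONF = """\
http_port 3128 ssl-bump
cache_peer 127.0.0.1 parent 3129 0 ssl
"""

def parse_conf(text):
    """Return (listeners, tls_peers) parsed from squid.conf text.

    listeners: {port: "http" | "https"} from http_port / https_port lines.
    tls_peers: hosts of cache_peer lines carrying the ssl or tls option.
    """
    listeners, tls_peers = {}, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments
        if not tokens:
            continue
        if tokens[0] in ("http_port", "https_port") and len(tokens) > 1:
            # Value may be "3128", "addr:3128" or "[::1]:3128".
            port = int(tokens[1].rsplit(":", 1)[-1])
            listeners[port] = tokens[0].split("_")[0]
        elif tokens[0] == "cache_peer" and len(tokens) >= 5:
            # cache_peer host type http-port icp-port [options]
            if any(opt in ("ssl", "tls") for opt in tokens[5:]):
                tls_peers.append(tokens[1])
    return listeners, tls_peers

def check(conf_text, proxy_url, origin_url):
    """List mismatches between a client invocation and the config."""
    listeners, tls_peers = parse_conf(conf_text)
    proxy, origin = urlsplit(proxy_url), urlsplit(origin_url)
    findings = []
    expected = listeners.get(proxy.port)
    if expected is None:
        findings.append(f"no listener on port {proxy.port}")
    elif expected != proxy.scheme:
        # e.g. curl -x https://... against an http_port
        findings.append(
            f"client uses {proxy.scheme} proxy, port {proxy.port} is {expected}_port")
    if origin.scheme == "https" and tls_peers:
        # The "TLS inside TLS" case the reply says is unsupported.
        findings.append(
            "TLS to origin through TLS cache_peer " + ", ".join(tls_peers))
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_CONF, "https://admin:squid@localhost:3128", "http://google.com"))
    print(check(SAMPLE_CONF, "http://admin:squid@localhost:3128", "https://google.com"))
```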

