[squid-users] squid 5.0.4 cache_peer bug on https outgoing

Alex Rousskov rousskov at measurement-factory.com
Sun Sep 27 22:48:40 UTC 2020

On 9/27/20 12:07 PM, sec wrote:

> http_port 3128 ssl-bump ...

> curl http://google.com -x https://admin:squid@localhost:3128 -v  -k

The above two lines do not match AFAICT: You tell curl to use an HTTPS
proxy, but you tell Squid to expect plain HTTP proxy requests.

Also, please note that if you fix the above problem by moving "https"
from "-x" to the origin server URL, then you will probably face another

curl https://google.com -x http://admin:squid@localhost:3128 -v  -k

> ssl_bump allow all

> cache_peer parent 3129 0 ssl

Squid does not (yet) support "TLS inside TLS": Talking TLS with the
origin server through a cache_peer that also expects a TLS connection.



More information about the squid-users mailing list