[squid-users] Allowing User Certificate Authentication with SSL Bump

Alex Rousskov rousskov at measurement-factory.com
Tue Apr 27 17:57:31 UTC 2021

On 4/27/21 1:33 PM, Justin Cook wrote:
> We are running into a situation where we are unable to fully
> authenticate our users to an internal tooling service that requires
> certificate authentication as part of its login process, when going
> through a Squid forward proxy with SSL bump enabled.

SslBump does not support "TLS inside TLS" configurations, which is what
you get when you combine certificate-based proxy authentication (which
requires an https_port working in a forward proxy mode) with SslBump
(which, for an https_port, currently requires an interception proxy mode).

It is possible to add support for "TLS inside TLS", but it requires a
serious development effort.




