<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 14.02.5004.000">
<TITLE>RE: squid-users Digest, Vol 27, Issue 4</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Message: 5</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Date: Wed, 2 Nov 2016 13:09:20 +1300</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">From: Amos Jeffries <</FONT></SPAN><SPAN LANG="en-us"></SPAN><A HREF="mailto:squid3@treenet.co.nz"><SPAN LANG="en-us"><FONT FACE="Calibri">squid3@treenet.co.nz</FONT></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">To:</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="mailto:squid-users@lists.squid-cache.org"><SPAN LANG="en-us"><FONT FACE="Calibri">squid-users@lists.squid-cache.org</FONT></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Subject: Re: [squid-users] Can Squid communicate http to clients</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"> <FONT FACE="Calibri">connecting to</FONT><FONT FACE="Calibri"> https sites?</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Message-ID: <</FONT></SPAN><SPAN LANG="en-us"></SPAN><A HREF="mailto:ee0bea25-6a0b-0090-f23f-05bc8d51edb2@treenet.co.nz"><SPAN LANG="en-us"><FONT FACE="Calibri">ee0bea25-6a0b-0090-f23f-05bc8d51edb2@treenet.co.nz</FONT></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Content-Type: text/plain; charset=utf-8</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">On 2/11/2016 12:55 p.m., vze2k3sa wrote:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">> Hi,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">> </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">> I have a question around have Squid which is configured to handle all </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">> company traffic to and from the web. When connecting to an SSL </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">> website, HTTP Connect is used. Can Squid be configured so all the </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">> inbound SSL traffic is SSL decrypted and send back to clients as clear text http traffic?</FONT></SPAN></P>
<BR>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">The CONNECT message *is* cl</FONT><FONT FACE="Calibri">ear-text HTTP. So already it is doing what you asked. But I think what you want is not want you are asking for.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">Squid supports receiving requests for <A HREF="https://">https://</A> URLs from clients on regular TCP connections and will perform the HTTPS part for them.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">Squid al</FONT><FONT FACE="Calibri">so supports clients using TLS to connect to the proxy, then to pass it requests for <A HREF="https://">https://</A> URLs. There is a sad lack of clients that support doing that though.</FONT></SPAN></P>
<BR>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">If the client is performing TLS to the origin server, then no. You cannot reply with plain-t</FONT><FONT FACE="Calibri">ext HTTP to them. Your only choice in that case is the SSL-Bump feature.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">></FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">Amos</FONT></SPAN></P>
<BR>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Thanks Amos for the reply.</FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">What I'm looking for is to send all client requests</FONT></SPAN><SPAN LANG="en-us"><B> <FONT FACE="Calibri">http</FONT></B></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"></FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Calibri">and get replies back as</FONT></SPAN><SPAN LANG="en-us"><B> <FONT FACE="Calibri">http</FONT></B></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> where I don't care if the internet site requires SSL or not.</FONT></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">If a site does require SSL then can squid handle</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">s</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri"> that where again the respo</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Calibri">nses back to the clien</FONT><FONT FACE="Calibri">t are</FONT></SPAN><SPAN LANG="en-us"><B> <FONT FACE="Calibri">http</FONT></B></SPAN><SPAN LANG="en-us">.</SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">-Patrick</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
</BODY>
</HTML>