<div dir="ltr">Yes, I've tried all of these combinations.<div><br></div><div>### 0x00 <span style="color:rgb(80,0,80)">cache_peer no ssl</span></div><div><span style="color:rgb(80,0,80)"><br></span></div><div>> ssl_bump allow all<span class="gmail-im" style="color:rgb(80,0,80)"><br>> cache_peer 127.0.0.1 parent 3129 0 【no ssl】</span><span style="color:rgb(80,0,80)"><br></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><br></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)">curl </span><a href="https://google.com/" rel="noreferrer" target="_blank">http://google.com</a><span style="color:rgb(34,34,34)"> -x http://admin:squid@localhost:3</span><span style="color:rgb(34,34,34)">128 -v  -k   【it is ok】</span><br></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><div><span class="gmail-im"><span style="color:rgb(34,34,34)">curl </span><a href="https://google.com/" rel="noreferrer" target="_blank">https://google.com</a><span style="color:rgb(34,34,34)"> -x https://admin:squid@localhost:3</span><span style="color:rgb(34,34,34)">128 -v  -k   【Get 502】</span><br></span></div><div></div></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><div><span class="gmail-im"><div><span class="gmail-im"><span style="color:rgb(34,34,34)">curl </span><a href="https://google.com/" rel="noreferrer" target="_blank">https://google.com</a><span style="color:rgb(34,34,34)"> -x http://admin:squid@localhost:3</span><span style="color:rgb(34,34,34)">128 -v  -k     【Get 502】</span><br></span></div><div></div></span></div><div></div></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><br></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)">< HTTP/1.1 502 Bad Gateway<br>< X-Cache: MISS from <a href="http://example.com">example.com</a><br>< Transfer-Encoding: 
chunked<br>< Connection: keep-alive<span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><br></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)">log json:</span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)">





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(181,189,104);background-color:rgb(28,31,33)"><span class="gmail-s1" style="color:rgb(197,200,198)">{ </span>"clientip"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"127.0.0.1"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"ident"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"-"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"uname"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"admin"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"timestamp"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"2020-09-28T04:16:28+0000"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"verb"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"CONNECT"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"request"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"<a href="http://google.com:443">google.com:443</a>"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"httpversion"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"HTTP/1.1"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"response"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span><span class="gmail-s2" style="color:rgb(222,147,95)">200</span><span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"bytes"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span><span class="gmail-s2" style="color:rgb(222,147,95)">0</span><span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"referer"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"-"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"agent"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"curl/7.47.0"<span class="gmail-s1" 
style="color:rgb(197,200,198)">, </span>"request_status"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"HIER_NONE"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"hierarchy_status"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"HIER_NONE"<span class="gmail-s1" style="color:rgb(197,200,198)"> }</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(181,189,104);background-color:rgb(28,31,33)"><span class="gmail-s1" style="color:rgb(197,200,198)">{ </span>"clientip"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"127.0.0.1"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"ident"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"-"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"uname"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"admin"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"timestamp"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"2020-09-28T04:16:28+0000"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"verb"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"GET"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"request"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"<a href="https://google.com/">https://google.com/</a>"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"httpversion"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"HTTP/1.1"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"response"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span><span class="gmail-s2" style="color:rgb(222,147,95)">502</span><span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"bytes"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span><span class="gmail-s2" style="color:rgb(222,147,95)">117</span><span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"referer"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"-"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"agent"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"curl/7.47.0"<span class="gmail-s1" 
style="color:rgb(197,200,198)">, </span>"request_status"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"HIER_NONE"<span class="gmail-s1" style="color:rgb(197,200,198)">, </span>"hierarchy_status"<span class="gmail-s1" style="color:rgb(197,200,198)">: </span>"HIER_NONE"<span class="gmail-s1" style="color:rgb(197,200,198)"> }</span></p></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)">### 0x01 </span></span>cache_peer with ssl</div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><div>> ssl_bump allow all<span class="gmail-im"><br>> cache_peer 127.0.0.1 parent 3129 0  ssk</span><br></div><div><span class="gmail-im"><br></span></div><div><span class="gmail-im"><span style="color:rgb(34,34,34)">curl </span><a href="https://google.com/" rel="noreferrer" target="_blank">http://google.com</a><span style="color:rgb(34,34,34)"> -x http://admin:squid@localhost:3</span><span style="color:rgb(34,34,34)">128 -v  -k   【</span>Get 502<span style="color:rgb(34,34,34)">】</span></span></div><div><span class="gmail-im"><div><span class="gmail-im"><span style="color:rgb(34,34,34)">curl </span><a href="https://google.com/" rel="noreferrer" target="_blank">https://google.com</a><span style="color:rgb(34,34,34)"> -x https://admin:squid@localhost:3</span><span style="color:rgb(34,34,34)">128 -v  -k   【Get 502】</span><br></span></div><div></div></span></div><div><span class="gmail-im"><br></span></div><div>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< HTTP/1.1 <span class="gmail-s1" style="color:rgb(222,147,95)">503</span> Service Unavailable</p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< Server: squid/5.0.4</p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< Mime-Version: <span class="gmail-s1" style="color:rgb(222,147,95)">1</span>.0</p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< Date: Mon, <span class="gmail-s1" style="color:rgb(222,147,95)">28</span> Sep <span class="gmail-s1" style="color:rgb(222,147,95)">2020</span> <span class="gmail-s1" style="color:rgb(222,147,95)">04</span>:21:00 GMT</p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< Content-Type: text/html;<span class="gmail-s2" style="color:rgb(204,102,102)">charset</span>=utf-8</p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< Content-Length: <span class="gmail-s1" style="color:rgb(222,147,95)">1649</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)">< X-Squid-Error: ERR_SECURE_CONNECT_FAIL <span class="gmail-s1" style="color:rgb(222,147,95)">71</span></p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33);min-height:14px"><br></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)"><p>The system returned:</p></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)"><blockquote <span class="gmail-s2" style="color:rgb(204,102,102)">id</span>=<span class="gmail-s3" style="color:rgb(181,189,104)">"data"</span>></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)"><pre>(<span class="gmail-s1" style="color:rgb(222,147,95)">71</span>) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)</pre></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)"><p>Handshake with SSL server failed: [No Error]</p></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:Menlo;color:rgb(197,200,198);background-color:rgb(28,31,33)"></blockquote></p></div></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)">### 0x02 how to outgoing https request by </span></span>cache_peer (on squid 5.0.4/Chains proxy)</div><div><br></div><div>Similar features to Charles OR <span style="color:rgb(77,81,86);font-family:arial,sans-serif;font-size:14px">Fiddler. ( open http(s) proxy  on 8080, then capture the request , outgoing on another http(s)/socks4/5 proxy.)</span></div><div><span style="color:rgb(77,81,86);font-family:arial,sans-serif;font-size:14px"><br></span></div><div><span style="color:rgb(77,81,86);font-family:arial,sans-serif;font-size:14px">1. </span>Fiddler gateway: <a href="https://docs.telerik.com/fiddler-everywhere/user-guide/settings/gateway">https://docs.telerik.com/fiddler-everywhere/user-guide/settings/gateway</a></div><div><br></div><div>curl <a href="https://google.com">https://google.com</a> -x <a href="http://squid:3128">http://squid:3128</a> --> outgoing(cache_peer: like Fiddler gateway) --> <a href="http://google.com:443">google.com:443</a></div><div><br></div><div>The cache_peer should be ignore ssl VERIFY. !!! 
like other software.</div><div><br></div><div>On squid 5.0.4, http is ok, https will get ERR_SECURE_CONNECT_FAIL error.</div><div><br></div><div><span class="gmail-im" style="color:rgb(80,0,80)"><span style="color:rgb(34,34,34)"><br></span></span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote on Mon, Sep 28, 2020 at 6:48 AM:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 9/27/20 12:07 PM, sec wrote:<br>
<br>
> http_port 3128 ssl-bump ...<br>
<br>
> curl <a href="http://google.com" rel="noreferrer" target="_blank">http://google.com</a> -x https://admin:squid@localhost:3128 -v  -k<br>
<br>
The above two lines do not match AFAICT: You tell curl to use an HTTPS<br>
proxy, but you tell Squid to expect plain HTTP proxy requests.<br>
<br>
Also, please note that if you fix the above problem by moving "https"<br>
from "-x" to the origin server URL, then you will probably face another<br>
problem:<br>
<br>
curl <a href="https://google.com" rel="noreferrer" target="_blank">https://google.com</a> -x http://admin:squid@localhost:3128 -v  -k<br>
<br>
> ssl_bump allow all<br>
<br>
> cache_peer 127.0.0.1 parent 3129 0 ssl<br>
<br>
Squid does not (yet) support "TLS inside TLS": Talking TLS with the<br>
origin server through a cache_peer that also expects a TLS connection.<br>
<br>
<br>
HTH,<br>
<br>
Alex.<br>
</blockquote></div>
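The two conditions named in the quoted reply (a proxy scheme in `-x` that does not match the listener type, and a bumped HTTPS request routed to a cache_peer that itself expects TLS) can be checked mechanically before any test run. The following is an added example, not code from either participant or from the Squid project; the function names, finding labels and sample configuration are assumptions constructed from the directives quoted in this thread, and the "tls-inside-tls" finding reflects the limitation as stated in the reply for the Squid version discussed here.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the directives quoted in this thread.
SAMPLE_CONF = """\
http_port 3128 ssl-bump
cache_peer 127.0.0.1 parent 3129 0 ssl
"""

def parse_conf(text):
    """Return ({port: (is_tls_listener, has_ssl_bump)}, [hosts of TLS peers])."""
    ports, tls_peers = {}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] in ("http_port", "https_port") and len(tok) > 1:
            # Accept "3128", "host:3128" and "[::1]:3128" forms.
            port = int(tok[1].rsplit(":", 1)[-1])
            ports[port] = (tok[0] == "https_port", "ssl-bump" in tok[2:])
        elif tok[0] == "cache_peer" and len(tok) >= 5:
            # cache_peer host type http-port icp-port [options]
            if {"ssl", "tls"} & set(tok[5:]):
                tls_peers.append(tok[1])
    return ports, tls_peers

def lint(conf_text, proxy_url, origin_url):
    """Compare `curl origin_url -x proxy_url` against squid.conf text."""
    ports, tls_peers = parse_conf(conf_text)
    proxy, origin = urlsplit(proxy_url), urlsplit(origin_url)
    if proxy.port not in ports:
        return ["no-listener-on-port"]
    is_tls_listener, bump = ports[proxy.port]
    findings = []
    # "-x https://" needs an https_port listener; "-x http://" needs http_port.
    if (proxy.scheme == "https") != is_tls_listener:
        findings.append("proxy-scheme-mismatch")
    # Bumped HTTPS traffic sent on to a peer that also expects TLS.
    if origin.scheme == "https" and bump and tls_peers:
        findings.append("tls-inside-tls")
    return findings
```

This lint covers only those two conditions; an empty result does not mean the request will succeed.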