[squid-users] SSL connction failed due to SNI after content redirection
Amos Jeffries
squid3 at treenet.co.nz
Sat Aug 1 03:57:09 UTC 2015
On 23/07/2015 2:41 a.m., Alex Wu wrote:
> We do not use cache-peer. I thought cache-peer is for connecting another squid-like proxy server.
Historically yes. In Squid-3 it is for connecting to any specific
upstream server.
The correct way to send traffic over TLS/SSL to an intranet server is
like this:
cache_peer internal.example.com parent 443 0 name=internal \
originserver ssl forcedomain=www.internal.example.net
acl example dstdomain .example.com
cache_peer_access internal allow example
That performs the same outgoing HTTP request as would be generated by
URL-rewriting www.example.com to https://www.internal.example.net. But
far faster and far less processing overheads.
[Sorry for not replying with this earlier. I just re-found the thread
while looking up your name for the bug 4293 commit.]
Amos
More information about the squid-users
mailing list