[squid-users] SSL connction failed due to SNI after content redirection

Amos Jeffries squid3 at treenet.co.nz
Sat Aug 1 03:57:09 UTC 2015


On 23/07/2015 2:41 a.m., Alex Wu wrote:
> We do not use cache-peer. I thought cache-peer is for connecting another squid-like proxy server.

Historically yes. In Squid-3 it is for connecting to any specific
upstream server.


The correct way to send traffic over TLS/SSL to an intranet server is
like this:

 cache_peer internal.example.com parent 443 0 name=internal \
    originserver ssl forcedomain=www.internal.example.net
 acl example dstdomain .example.com
 cache_peer_access internal allow example

That performs the same outgoing HTTP request as would be generated by
URL-rewriting www.example.com to https://www.internal.example.net. But
far faster and far less processing overheads.


[Sorry for not replying with this earlier. I just re-found the thread
while looking up your name for the bug 4293 commit.]

Amos



More information about the squid-users mailing list