[squid-users] for people who suffer from https ssl pump and not interested with caching it

--Ahmad-- ahmed.zaeem at netstream.ps
Wed Dec 7 14:53:20 UTC 2016


yes thats why i posted that and hope that it can help guys .

thanks 
> On Dec 6, 2016, at 11:58 PM, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 12/06/2016 02:43 PM, --Ahmad-- wrote:
> 
>> i always see many people suffer from problems of https pump with some websites .
>> and in the same time i see that they are not interested with caching of https .
>> so all what they need is they just let HTTP & HTTPS as transparent .
>> 
>> so i just want to share about “redsocks” tool and using it to catch up https and forward it to other squid  server using “TCP_connect “ METHOD .
>> 
>> u can use redsocks  and from redsocks forward it to squid again using “tcp_connect “
> 
> If using an external TCP CONNECT wrapper is better than using "ssl_bump
> splice all" Squid configuration, then there is some Squid bug that we
> need to fix because "ssl_bump splice all" is supposed to generate the
> same TCP CONNECT internally, without any wrappers.
> 
> AFAIK, most SslBump problems in modern Squids are related to cases where
> folks want [a lot] more than just blindly tunnel (and log) all
> intercepted HTTPS connections. Many do not care about caching indeed,
> but most care about the details of what is being proxied.
> 
> 
> Alex.
> 



More information about the squid-users mailing list