[squid-users] for people who suffer from https ssl pump and not interested with caching it

Alex Rousskov rousskov at measurement-factory.com
Wed Dec 7 15:35:36 UTC 2016


On 12/07/2016 07:53 AM, --Ahmad-- wrote:
> yes thats why i posted that and hope that it can help guys .

IMHO, replacing what is supposed to be a working feature with a whole
other product is unlikely to be helpful long-term.

* If "ssl_bump splice all" does not work for an intercepting https_port,
then file or update a bug report (at least).

* If "ssl_bump splice all" works, then your message is more likely to
misdirect and spread FUD than to help those struggling with SslBump.

Alex.



>> On Dec 6, 2016, at 11:58 PM, Alex Rousskov <rousskov at measurement-factory.com> wrote:
>>
>> On 12/06/2016 02:43 PM, --Ahmad-- wrote:
>>
>>> i always see many people suffer from problems of https pump with some websites .
>>> and in the same time i see that they are not interested with caching of https .
>>> so all what they need is they just let HTTP & HTTPS as transparent .
>>>
>>> so i just want to share about “redsocks” tool and using it to catch up https and forward it to other squid  server using “TCP_connect “ METHOD .
>>>
>>> u can use redsocks  and from redsocks forward it to squid again using “tcp_connect “
>>
>> If using an external TCP CONNECT wrapper is better than using "ssl_bump
>> splice all" Squid configuration, then there is some Squid bug that we
>> need to fix because "ssl_bump splice all" is supposed to generate the
>> same TCP CONNECT internally, without any wrappers.
>>
>> AFAIK, most SslBump problems in modern Squids are related to cases where
>> folks want [a lot] more than just blindly tunnel (and log) all
>> intercepted HTTPS connections. Many do not care about caching indeed,
>> but most care about the details of what is being proxied.
>>
>>
>> Alex.



More information about the squid-users mailing list