[squid-users] squid proxy 3.5 redhat 7.3
Alex Rousskov
rousskov at measurement-factory.com
Thu Jun 1 16:48:59 UTC 2017
On 06/01/2017 10:09 AM, Madonna, A. (spir-it) wrote:
> can we use ssl_bump to intercept https traffic with a parent proxy (cache_peer).
IIRC, you may be able to use limited SslBump features, but not the full
SslBump functionality: Peeking or staring at the origin server through a
cache_peer is not supported (yet).
> ssl_bump peek step1
> cache_peer ... parent 8080 0 no-query no-netdb-exchange no-digest
Bugs notwithstanding, the above combination should work because peeking
at step1 does not require communication with a cache_peer and splicing
at step2 should follow the regular (non-SslBump) tunneling path for
CONNECTs, where modern Squids do support cache peers.
I recommend that you make everything work without a cache_peer and then
add a cache_peer.
Alex.
More information about the squid-users
mailing list