[squid-users] It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).

Alex Rousskov rousskov at measurement-factory.com
Mon May 22 20:06:20 UTC 2017


On 05/22/2017 08:14 AM, yuriang wrote:

> It is possible to use SSL_bump on my squid server 3.5.23, if my parent
> cache (cache_peer) does not use ssl_bump (not configured).

I do not think it is possible to use SslBump steps 2+ with cache_peers
that expect plain HTTP requests. AFAICT, for SslBump to work with a
cache peer beyond the first step, the cache_peer line in the child
squid.conf has to configure that peer as a TLS origin server. Here are
some potentially relevant emails about this missing feature:

http://lists.squid-cache.org/pipermail/squid-users/2017-January/014283.html

http://lists.squid-cache.org/pipermail/squid-users/2017-January/014287.html

http://lists.squid-cache.org/pipermail/squid-users/2017-January/014290.html

Please note that this is not about "my parent does not use ssl_bump"
specifically but about "I use a cache_peer" in general.

Alex.


