[squid-users] It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).
Alex Rousskov
rousskov at measurement-factory.com
Mon May 22 20:06:20 UTC 2017
On 05/22/2017 08:14 AM, yuriang wrote:
> It is possible to use SSL_bump on my squid server 3.5.23, if my parent
> cache (cache_peer) does not use ssl_bump (not configured).
I do not think it is possible to use SslBump steps 2+ with cache_peers
that expect plain HTTP requests. AFAICT, for SslBump to work with a
cache peer beyond the first step, the cache_peer line in the child
squid.conf has to configure that peer as an TLS origin server. Here are
some potentially relevant emails about this missing feature:
http://lists.squid-cache.org/pipermail/squid-users/2017-January/014283.html
http://lists.squid-cache.org/pipermail/squid-users/2017-January/014287.html
http://lists.squid-cache.org/pipermail/squid-users/2017-January/014290.html
Please note that this is not about "my parent does not use ssl_bump"
specifically but about "I use a cache_peer" in general.
Alex.
More information about the squid-users
mailing list