[squid-users] Allowing User Certificate Authentication with SSL Bump

Alex Rousskov rousskov at measurement-factory.com
Tue Apr 27 17:57:31 UTC 2021


On 4/27/21 1:33 PM, Justin Cook wrote:
> We are running into a situation where we are unable to fully
> authenticate our users to an internal tooling service that requires
> certificate authentication as part of its login process, when going
> through squid forward proxy with SSL bump enabled.

SslBump does not support "TLS inside TLS" configurations, which is what
you get when you combine certificate-based proxy authentication (which
requires an https_port working in a forward proxy mode) with SslBump
(which, for an https_port, currently requires an interception proxy mode).

It is possible to add support for "TLS inside TLS", but it requires a
serious development effort.

https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F


HTH,

Alex.

