[squid-users] Trying to set up SSL cache - solved!
Alex Rousskov
rousskov at measurement-factory.com
Thu Feb 24 20:07:53 UTC 2022
On 2/24/22 14:38, Dave Blanchard wrote:
> ssl_bump client-first all
> What is the replacement for client-first?
A "good" answer depends on what exactly you are trying to achieve;
details matter. A "dumb" answer (i.e. a direct replacement without
considering your true needs and Squid bugs) is:
ssl_bump bump all
Please do not misinterpret my statement as if that dumb answer is never
good or correct. It all depends on your needs.
> I prefer to handle the certificate validation externally
It is a common need. Squid supports external certificate validator
programs (a.k.a. helpers). Look for sslcrtvalidator_program in
squid.conf.documented. For communication details, see the following
wikip age and src/security/cert_validators/fake/
https://wiki.squid-cache.org/Features/AddonHelpers
HTH,
Alex.
More information about the squid-users
mailing list