[squid-users] Does Squid support client ssl termination?
squid3 at treenet.co.nz
squid3 at treenet.co.nz
Tue Nov 1 17:33:59 UTC 2022
On 2022-11-02 05:44, Grant Taylor wrote:
> On 10/31/22 7:32 PM, mingheng wang wrote:
>> Sorry about that, don't know why it only went to you.
>
> Things happen. That's why I let people know, in case unwanted things
> did happen.
>
>> I delved into the configuration the last few days, and found that
>> Squid doesn't officially support cache_peer when ssl_bump is in use.
>
> That surprises me. I wonder if it's a technical limitation or an
> oversight.
>
That is not true as a blanket statement.
What Squid officially *does not* support is decrypting traffic then
sending the un-encrypted form to a HTTP-only cache_peer.
All other permutations of inbound TCP/TLS, http:// or https:// URL, and
outbound TCP/TLS should currently work to some degree. The more recent
your Squid version the better it is.
Amos
More information about the squid-users
mailing list