[squid-users] Does Squid support client ssl termination?

mingheng wang ifoolb at gmail.com
Wed Oct 26 16:43:08 UTC 2022


Hello all,
  Since ssl_bump can generate self signed certificates on the fly, I wonder
if this setup is possible, or even just in theory:
clients with necessary root CA installed connect to a local Squid. With
ssl_bump and self signed certs, it always talks with the clients over
HTTPS, making clients believe their connections are secure; the local Squid
then forwards the connections to a parent Squid server, which however, will
only send data back in plain HTTP, i.e. in clear text, akin to a reverse
proxy with ssl termination to its proxied site.

  my goals are to cache data/modify requests even when connecting to https
only sites, while avoiding using self signed certs to encrypt connections
over the Internet, because this way, I can chain an https proxy with
trusted certs in between.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20221027/bf676981/attachment.htm>


More information about the squid-users mailing list