[squid-users] TLS passthrough

Fernando Giorgetti fgiorgetti at gmail.com
Thu Sep 28 13:06:33 UTC 2023


Hi Matus, do you mean something like a DNAT (iptables) rule?
If so, I would say, it should work as well.

But this is an environment I do not control, and I have been told to try
using an existing squid installation to proxy non-http/TLS data through.

I appreciate any guidance or recommendation.

Thank you,
Fernando

On Thu, Sep 28, 2023 at 3:41 AM Matus UHLAR - fantomas <uhlar at fantomas.sk>
wrote:

> On 27.09.23 16:48, Fernando Giorgetti wrote:
> >I would like to know if it is possible to set up Squid to perform
> >TLS passthrough to a given backend, relaying TLS encrypted
> >traffic to the backend, similarly to what HAProxy does below?
> >
> >https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough
> >
> >I have tried a few different configurations using reverse proxy,
> >or peek and splice, but I could not make it work without providing
> >a valid HTTP request or a CONNECT request.
>
> what's the difference between TCP redirect and this?
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> Depression is merely anger without enthusiasm.