[squid-users] TLS passthrough

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Sep 28 13:36:05 UTC 2023


On 28.09.23 10:06, Fernando Giorgetti wrote:
>Hi Matus, do you mean something like a DNAT (iptables) rule?

That was my question.

>If so, I would say, it should work as well.

If you simply want to redirect incoming connections to another IP/port, a
port redirector should work just like DNAT.

>But this is an environment I do not control, and I have been told to try
>using an existing squid installation to proxy non-http/TLS data through.
>
>I appreciate any guidance or recommendation.

Squid, however, does not have this functionality; packages like
redir, rinetd, or xinetd do have it.


>On Thu, Sep 28, 2023 at 3:41 AM Matus UHLAR - fantomas <uhlar at fantomas.sk>
>wrote:
>
>> On 27.09.23 16:48, Fernando Giorgetti wrote:
>> >I would like to know if it is possible to set up Squid to perform
>> >TLS passthrough to a given backend, relaying TLS encrypted
>> >traffic to the backend, similarly to what HAProxy does below?
>> >
>> >
>> https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough
>> >
>> >I have tried a few different configurations using reverse proxy,
>> >or peek and splice, but I could not make it work without providing
>> >a valid HTTP request or a CONNECT request.
>>
>> What's the difference between TCP redirect and this?


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete
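
The point made in the reply above, that TLS passthrough is nothing more than a TCP redirect, shown as an added example (not code from this thread, from Squid, or from redir/rinetd/xinetd): a relay that copies bytes in both directions without parsing or terminating TLS, so the handshake completes end to end between client and backend. The names `start_relay`, `_handle` and `_pump` are hypothetical; unlike a DNAT rule, a userspace relay opens its own connection, so the backend logs the relay's address rather than the client's.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way, unmodified (no TLS parsing), then half-close dst."""
    try:
        while True:
            data = src.recv(65536)
            if not data:          # peer finished sending
                break
            dst.sendall(data)
    except OSError:
        pass                      # reset or timeout: stop relaying this direction
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate EOF to the other side
        except OSError:
            pass


def _handle(client, backend_addr):
    try:
        # New TCP connection: the backend sees the relay's source IP, not the client's.
        upstream = socket.create_connection(backend_addr, timeout=10)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    t = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    t.start()
    _pump(client, upstream)
    t.join()
    client.close()
    upstream.close()


def start_relay(listen_addr, backend_addr):
    """Relay every connection on listen_addr to backend_addr; returns the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen()

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:       # listener closed
                return
            threading.Thread(target=_handle, args=(client, backend_addr), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv
```

Calling `start_relay(("0.0.0.0", 8443), ("192.0.2.10", 443))` (constructed addresses) and keeping the process alive forwards port 8443 to the backend, the kind of forwarding the port redirectors named above provide.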

