[squid-users] TLS passthrough
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Sep 28 13:36:05 UTC 2023
On 28.09.23 10:06, Fernando Giorgetti wrote:
>Hi Matus, do you mean something like a DNAT (iptables) rule?
That was my question.
>If so, I would say, it should work as well.
If you simply want to redirect incoming connections to another IP/port, a port
redirector should work just like DNAT.
>But this is an environment I do not control, and I have been told to try
>using an existing squid installation to proxy non-http/TLS data through.
>
>I appreciate any guidance or recommendation.
SQUID, however, does not have this functionality; packages like
redir, rinetd, or xinetd do have it.
>On Thu, Sep 28, 2023 at 3:41 AM Matus UHLAR - fantomas <uhlar at fantomas.sk>
>wrote:
>
>> On 27.09.23 16:48, Fernando Giorgetti wrote:
>> >I would like to know if it is possible to set up Squid to perform
>> >TLS passthrough to a given backend, relaying TLS encrypted
>> >traffic to the backend, similarly to what HAProxy does below?
>> >
>> >
>> https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough
>> >
>> >I have tried a few different configurations using reverse proxy,
>> >or peek and splice, but I could not make it work without providing
>> >a valid HTTP request or a CONNECT request.
>>
>> what's the difference between TCP redirect and this?
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete
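
The kind of port redirection discussed in this thread, as an added Python example (not from the thread and not code from redir, rinetd, xinetd or Squid): a relay that copies raw TCP bytes to a backend without parsing them, which is why TLS passes through unterminated. The names start_relay and demo, the localhost addresses and the sample payload are assumptions made for the illustration.

```python
import asyncio

async def _pump(reader, writer):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)          # payload is never parsed or modified
            await writer.drain()
        if writer.can_write_eof():
            writer.write_eof()
    except (ConnectionError, OSError):
        writer.close()

async def start_relay(listen_host, listen_port, backend_host, backend_port):
    """Accept TCP connections and forward them byte-for-byte to the backend."""
    async def handle(c_reader, c_writer):
        try:
            b_reader, b_writer = await asyncio.open_connection(backend_host, backend_port)
        except OSError:                 # backend unreachable: drop the client
            c_writer.close()
            return
        await asyncio.gather(_pump(c_reader, b_writer), _pump(b_reader, c_writer))
        for w in (c_writer, b_writer):
            w.close()
    return await asyncio.start_server(handle, listen_host, listen_port)

async def demo(payload):
    """Constructed self-test: client -> relay -> echo backend, all on localhost."""
    async def echo(r, w):
        await _pump(r, w)
        w.close()
    backend = await asyncio.start_server(echo, "127.0.0.1", 0)
    bport = backend.sockets[0].getsockname()[1]
    relay = await start_relay("127.0.0.1", 0, "127.0.0.1", bport)
    rport = relay.sockets[0].getsockname()[1]
    r, w = await asyncio.open_connection("127.0.0.1", rport)
    w.write(payload)
    w.write_eof()
    got = await r.read()                # read until the relay signals EOF
    w.close()
    for s in (relay, backend):
        s.close()
    return got

if __name__ == "__main__":
    # Constructed bytes shaped like a TLS record header plus opaque body.
    sample = bytes.fromhex("160301000a") + b"\x01" * 10
    print(asyncio.run(demo(sample)) == sample)
```

With a userspace relay like this the backend sees the relay's address as the connection source, and the relay never holds the TLS keys, so it cannot inspect or filter the payload.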