Christof Gerber
2018-12-05 12:03:14 UTC
I have a squid 3.5 as forward proxy that does ssl_bump by default.
Some traffic I need to forward in addition to a second proxy by proxy
chaining. The following configuration works for HTTP traffic but not
with HTTPS. I found out through
https://www.spinics.net/lists/squid/msg84767.html that this is because
Squid 3.5 is not capable of doing ssl_bump + proxy chaining because
the first proxy in the chain won't send a CONNECT after ssl_bump was
performed. My question is:
1. Is this finding still up-to-date , saying that Squid 3.5 does not
support ssl_bump + proxy chaining. How is it for Squid 4?
squid.conf snippet doing proxy chaining:
ssl_bump bump group_default
acl forward_group dstdomain .dropbox.com
cache_peer forward.domain.com parent 8080 0 no-query default
cache_peer_access forward.domain.com allow forward_group
never_direct allow forward_group
never_direct deny all
Some traffic I need to forward in addition to a second proxy by proxy
chaining. The following configuration works for HTTP traffic but not
with HTTPS. I found out through
https://www.spinics.net/lists/squid/msg84767.html that this is because
Squid 3.5 is not capable of doing ssl_bump + proxy chaining because
the first proxy in the chain won't send a CONNECT after ssl_bump was
performed. My question is:
1. Is this finding still up-to-date , saying that Squid 3.5 does not
support ssl_bump + proxy chaining. How is it for Squid 4?
squid.conf snippet doing proxy chaining:
ssl_bump bump group_default
acl forward_group dstdomain .dropbox.com
cache_peer forward.domain.com parent 8080 0 no-query default
cache_peer_access forward.domain.com allow forward_group
never_direct allow forward_group
never_direct deny all
--
Christof Gerber
Email: ***@gmail.com
Christof Gerber
Email: ***@gmail.com