Hello again.

I apologize for the duplicate topic but I've hit a dead end. I'm hoping that a simpler question will be easier to answer so here goes:

Is it possible to transparently proxy TLS traffic through Squid when the target server requires a client-side certificate for authentication?

This works as expected when Squid is operating in non-transparent mode. When I switch to transparent mode, however, Squid doesn't request a certificate from the client and as a result the server-side handshake fails. (Standard SSL traffic flows correctly after I accept the name mismatch complaints from the browser.)

I've tried to understand the handshake process but I can't determine if it's possible to transparently proxy this or if Squid just doesn't support it at the moment. Specifically, it seems that CertificateVerify requires the client to sign a message to show it possesses the private key associated with the provided certificate. This doesn't seem inconsistent with transparent proxying, as Squid could simply impersonate the target server, collect the signature from the client, and relay it back to the server. Or am I missing something obvious?

Thanks in advance,
Damon