On 12/06/2012 7:33 p.m., nipun_mlist Assam wrote:
Thanks Eliezer/Amos for the hints. But I have some concerns here with SSLBUMP. Without proxy forwarding, SSL from the client is terminated on squid and then squid does SSL with the origin server. But when squid (with SSLBUMP enabled) connects to the internet via an upstream proxy, it behaves in a different way. SSL is terminated on the downstream proxy as usual. But the traffic flow between squid and the upstream becomes non-encrypted (we are not enabling SSL for parent cache_peer as we want traffic to be encrypted between downstream and upstream only for HTTPS). The user won't care if HTTP traffic between upstream and downstream goes unencrypted, but he will be concerned if even HTTPS traffic goes unencrypted between upstream and downstream.
Squid 3.1.11 which you said you were using does not support ssl-bump. Please update to 3.1.20.
Amos