Now it make more sense to me. Yes, right now I am only seeing plain text ICAP headers for all https traffic. But I see whole payload for http traffic on ICAP port. Which you already mentioned that squid sends http message if it is able to parse it. As you say that ssl-bump will convert CONNECT to series of http request. I tried tcpdump on port 3128 (squid)/80/443/1344(ICAP) . But in all this case I only see unencrypted HTTP request for https traffic. However not able to see payload. Does ssl-bump decrypt the payload as well and make it available as plain text. ??? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/https-traffic-using-squid-and-icap-tp4660720p4660733.html Sent from the Squid - Users mailing list archive at Nabble.com.
