On 5/11/2015 7:44 p.m., maple wrote: > hi Amos, > > what did you exactly refer to for "These particular use-case issue"? SSL-bump for port 443 intercepted directly by the proxy doing the bumping. https_port X intercept ssl-bump ... If there is an upstream proxy relaying to this one (eg proxychains) it still will not work. > it > means in 3.5+, cache_peer can be used with ssl_bump together smoothly? or It > resolves the integration problem between squid and proxychains? > > anyway, I have already upgraded my squid to 3.5.9, but neither for > cache_peer used with ssl_bump nor squid with proxychains works. > > for cache_peer used with ssl_bump: > http_access allow all > http_port 3128 intercept > https_port 3129 cert=/etc/squid/ssl_cert/squid.crt > key=/etc/squid/ssl_cert/private.key ssl-bump intercept > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > ssl_bump peek all > ssl_bump bump all > cache_peer 127.0.0.1 parent 12345 0 no-query no-digest default > never_direct allow all > > for squid with proxychians: > http_access allow all > http_port 3128 intercept > https_port 3129 cert=/etc/squid/ssl_cert/squid.crt > key=/etc/squid/ssl_cert/private.key ssl-bump intercept > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > ssl_bump peek all > ssl_bump bump all > always_direct allow all > > proxychains4 -f proxychains.conf squid -f /etc/squid/squid.conf > > for proxychians + squid, it looks like proxychians still can chain squid > with my parent proxy up. > > anything I did wrong? If proxychains is sending to this proxy explicitly then it is an explicit-proxy link. There should be no need to involve NAT. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
