On 12/02/2017 7:40 p.m., Varun Singh wrote: > > The answer points to installing a CA on client. The question was about how to get browsers talking TLS *directly to a Squid reverse-proxy*. Your Ubuntu package is not capable of that and you are not using a reverse-proxy. > Does this mean even if I don't want Squid-in-the-middle approach, my > clients would still have to install a certificate? No. It is irrelevant to yrou sitation. You began this thread with a simple question: > Hi, > I have a Squid 3 installed on Ubuntu 16.04. It works perfectly as an > HTTP proxy server in transparent mode. > I wanted to know whether it can be configured to run as HTTPS proxy > server without ssl-bump i.e. without 'man in the middle attack' > technique. Everything you have been asking about since then is various ways to do parts of the SSL-bump process. Which does not fit very well with the "without ssl-bump" requirement. Simply put; if you are not going to SSL-Bump then you can discard any thoughts of doing things with the HTTPS messages or port 443 traffic. If you have changed your mind and want to use SSL-Bump now, please re-describe what you want to actually happen now. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
