Thank you very much Amos and Alex for the helpful explanations, high level of detail, and for tracking down that this combo is not possible at this time.
We're going to evaluate what to do next with this info. I'll probably be following up with more questions soon.
-M
On Fri, Jun 2, 2017 at 9:05 AM, Alex Rousskov <rousskov@measurement-factory.com > wrote:
On 06/01/2017 01:26 PM, Alex Rousskov wrote:
> On 06/01/2017 11:29 AM, Alex Rousskov wrote:
> * HTTPS proxy is a rarely used feature that works well for some.
> * SslBump is a frequently used feature that works well enough for some.
> Disclaimer: I do not know of anybody using the _combination_ of the
> above two features, and I do not recall whether such a combination is
> already supported. Please post once you figure it out.
I just confirmed that Squid does _not_ support the above combination. An
https_port with an ssl-bump option requires either "tproxy" or
"intercept" mode, which are both incompatible with HTTPS proxy mode.
Until the above combination is supported, you have to pick between using
HTTPS proxy and using SslBump.
http://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a _new_Squid_feature.2C_enhance. 2C_of_fix_something.3F
Alex.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
