On 06/14/2018 01:32 PM, baretomas wrote: > On 14 June 2018 1:25 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> 2. if you have enough control of the apps to get them connecting with >> TLS to the proxy and sending their requests there. Do that. You are not doing this if your Squid receives CONNECT requests. If you can get your apps to do the right thing, then Squid would be receiving GET requests (and such) with https:// URLs instead of CONNECT requests. >> 3. the (relatively) complicated SSL-Bump way you found. The proxy is >> fully at the mercy of the the messages sent by apps and servers. You are doing this right now. Some Java magic encrypts your app requests and sends encrypted requests through Squid via CONNECT tunnels. You bump those encrypted tunnels to get to the HTTP requests and cache responses. Alex. > According to the java docs, the https_proxy (-Dhttps.proxyHost and > -Dhttps.proxyPort should redirect all ssl traffic to that destination.) _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
