On 09/20/2018 12:36 PM, Brett wrote: > I currently have squid setup to use a self-signed certificate for MITM to > cache HTTPS requests. This works. [...] > Is there a way I can configure squid so I can specify > it as a proxy for an https request and then have it act as a cache or > forward to an HTTP proxy (that supports CONNECT)? AFAICT, you are asking about the missing "SslBump with cache_peer" feature, which was covered in several recent threads, including this email: http://lists.squid-cache.org/pipermail/squid-users/2018-July/018653.html > ssl_bump peek step1 > ssl_bump bump all This configuration bumps everything at step2. > If I change the ssl_bump directives above to the following: > ssl_bump stare step2 > ssl_bump bump step3 This (misleading!) configuration should splice everything at step1. In other words, it should be equivalent to this (clear) configuration: ssl_bump splice all or a disabled SslBump. According to your tests, that is exactly what happens (and the lack of non-trivial SslBump involvement probably explains why peering works in this corner case). If you need more information about the equivalence of the last two configurations, please consider studying the following wiki page and a related recent email thread: * https://wiki.squid-cache.org/Features/SslPeekAndSplice * http://lists.squid-cache.org/pipermail/squid-users/2018-September/019162.html HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
