In this case we're not looking to authenticate the user themselves with the Squid server but with the destination web server. Does that change the scope?

On Tue, Apr 27, 2021 at 10:57 AM Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 4/27/21 1:33 PM, Justin Cook wrote:
> We are running into a situation where we are unable to fully
> authenticate our users to an internal tooling service that requires
> certificate authentication as part of its login process, when going
> through squid forward proxy with SSL bump enabled.

SslBump does not support "TLS inside TLS" configurations, which is what
you get when you combine certificate-based proxy authentication (which
requires an https_port working in a forward proxy mode) with SslBump
(which, for an https_port, currently requires an interception proxy mode).

It is possible to add support for "TLS inside TLS", but it requires a
serious development effort.

https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F

HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users