Re: [squid-users] sslbump and always_direct from Amos Jeffries on 2011-01-27 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Jan 2011 05:59:15 +1300

On 28/01/11 01:53, Ming Fu wrote:
> Hi Amos,
>
> Does this mean if I use sslbump, I can't have parent proxy.
>

Should work most of the time. Just be aware there is at least one bug.
We know it bites badly when there is auth involved, other circumstances
are unknown.

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: January-26-11 5:53 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] sslbump and always_direct
>
> On Wed, 26 Jan 2011 20:18:08 +0000, Ming Fu wrote:
>> Hi,
>>
>>
>> The wiki sample http://wiki.squid-cache.org/Features/SslBump suggested
>> addi= ng "always_direct allow all".
>>
>> This will prevent me from having a peer proxy when sslbump is
> configured.
>>
>> Wonder what is the reason behind the setting.
>
> With ssl-bump Squid will hit bugs when un-wrapping back to a CONNECT
> request or may send raw unencrypted https://... URLs to the peers.
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4

Received on Thu Jan 27 2011 - 16:59:19 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 28 2011 - 12:00:04 MST