RE: [squid-users] sslbump and always_direct from Ming Fu on 2011-01-27 (squid-users)

From: Ming Fu <Ming.Fu_at_watchguard.com>
Date: Thu, 27 Jan 2011 18:17:03 +0000

Hi Amos,

Thanks for the insight.
Do you remember the bug number? I want to understand the issue especially when unencrypted traffic can be sent.

Ming

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: January-27-11 11:59 AM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] sslbump and always_direct

On 28/01/11 01:53, Ming Fu wrote:
> Hi Amos,
>
> Does this mean if I use sslbump, I can't have parent proxy.
>

Should work most of the time. Just be aware there is at least one bug.
We know it bites badly when there is auth involved, other circumstances
are unknown.

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: January-26-11 5:53 PM
> To: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] sslbump and always_direct
>
> On Wed, 26 Jan 2011 20:18:08 +0000, Ming Fu wrote:
>> Hi,
>>
>>
>> The wiki sample http://wiki.squid-cache.org/Features/SslBump suggested
>> addi= ng "always_direct allow all".
>>
>> This will prevent me from having a peer proxy when sslbump is
> configured.
>>
>> Wonder what is the reason behind the setting.
>
> With ssl-bump Squid will hit bugs when un-wrapping back to a CONNECT
> request or may send raw unencrypted https://... URLs to the peers.
>

Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4
Received on Thu Jan 27 2011 - 18:17:10 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 28 2011 - 12:00:04 MST