Hello,
I would like to know if it is possible to set up Squid to perform
TLS passthrough to a given backend, relaying TLS encrypted
traffic to the backend, similarly to what HAProxy does below?
https://www.haproxy.com/documentation/aloha/latest/security/tls/encryption-strategies/#tls-passthrough
.
Thank you,
Fernando
On Thu, Sep 28, 2023 at 3:41 AM Matus UHLAR - fantomas
wrote:
> On 27.09.23 16:48, Fernando Giorgetti wrote:
> >I would like to know if it is possible to set up Squid to perform
> >TLS passthrough to a given backend, relaying TLS encrypted
> >traffic to t
Hello Alex, thanks for your reply.
And what should I do to let Squid use the SNI defined by the TLS client?
Thanks again,
Fernando
On Thu, Sep 28, 2023 at 11:51 AM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2023-09-28 09:06, Fernando Giorgetti wrote:
> > H
Fernando Giorgetti wrote:
>
> > And what should I do to let Squid use the SNI defined by the TLS client?
>
> What do you want Squid to use that SNI for?
>
> Alex.
>
>
> > On Thu, Sep 28, 2023 at 11:51 AM Alex Rousskov wrote:
> >
> > On 2023-09-28 09:06,
is trying to reach itself in a
loop.
I have also tried including a peek first, but no luck.
Thanks again for all suggestions.
On Thu, Sep 28, 2023 at 7:23 PM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2023-09-28 15:23, Fernando Giorgetti wrote:
>
> > Actually
a reverse-proxy, but I had no luck with it
(actually
I was able to proxy HTTP/HTTPS, but not non-http).
Thank you again,
Fernando
On Thu, Sep 28, 2023 at 11:39 PM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2023-09-28 20:35, Fernando Giorgetti wrote:
>
> > Do
om> wrote:
> On 2023-09-29 09:17, Fernando Giorgetti wrote:
>
> > Actually I am evaluating if Squid can be used to proxy Non-HTTP/TLS
> > data, as we have a restricted environment where Squid is currently the
> > only way to get out to the internet.
>
> Yes, Squid ca
Thank you,
Fernando
On Fri, Sep 29, 2023 at 12:53 PM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2023-09-29 10:55, Fernando Giorgetti wrote:
> > Do you control the client application? If yes, then perhaps it can be
> > adjusted to support HTTP prox
s the gateway, then it would be nice to
see how.
Thanks
Em sex., 29 de set. de 2023 18:13, Alex Rousskov <
rouss...@measurement-factory.com> escreveu:
> On 2023-09-29 13:55, Fernando Giorgetti wrote:
>
> > The "intercept" scenario demonstrated here
> > https://wiki.s
Thank you Amos and Rafael,
Using the LinuxDnat approach worked great as well.
On Sat, Sep 30, 2023 at 5:18 AM Amos Jeffries wrote:
> On 30/09/23 11:06, Fernando Giorgetti wrote:
> > If someone has already done that, with the client running in a different
> > machine, I would l
10 matches
Mail list logo
