I think, in the sslbump mode, if PROXY protocol is enabled, client cannot set up the SSL tunnel with squid after CONNECT call succeeds. I remember that HAProxy will send PROXY protocol line during ssl negotiation. If squid does not parse the PROXY protocol header during SSL negotiation, this will cause the problem.
Alex On Mon, Apr 13, 2015 at 7:56 PM, Amos Jeffries <[email protected]> wrote: > On 14/04/2015 4:47 a.m., Yuhua Wu wrote: > > For example, is this configuration supported? > > > > http_port 3129 require-proxy-header ssl-bump …… > > > > By the way, we added acl rules: > > > > acl frontend src 10.0.0.0/8 > > proxy_protocol_access allow frontend > > > > Alex > > > > Yes that should work. > > <http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html#ss2.7> > > Your above config example decrypts the traffic through the following > layers: > HTTPS over HTTP/1.x over PROXY/TCP ... > > As you can see the PROXY and HTTPS layers are separate protocols that > dont interact. > > Amos > > _______________________________________________ > squid-users mailing list > [email protected] > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
