On 06/01/2017 10:09 AM, Madonna, A. (spir-it) wrote: > can we use ssl_bump to intercept https traffic with a parent proxy > (cache_peer).
IIRC, you may be able to use limited SslBump features, but not the full SslBump functionality: Peeking or staring at the origin server through a cache_peer is not supported (yet). > ssl_bump peek step1 > cache_peer ... parent 8080 0 no-query no-netdb-exchange no-digest Bugs notwithstanding, the above combination should work because peeking at step1 does not require communication with a cache_peer and splicing at step2 should follow the regular (non-SslBump) tunneling path for CONNECTs, where modern Squids do support cache peers. I recommend that you make everything work without a cache_peer and then add a cache_peer. Alex. _______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
