Hello Alex,

Tuesday, January 27, 2026, 4:58:34 PM, you wrote:

> On 2026-01-27 06:46, Anthony Pankov wrote:
>> I'm wondering is it possible and what the logic will be if configure
>> squid for ssl bumping and to always go to cache_peer (never direct)
>> at the same time?

> Squid does not support "TLS inside TLS" yet, resulting in the following three
> possible use cases/answers:

> Bugs notwithstanding, bumping client traffic while talking to a cache_peer

> * ... should be possible if that cache_peer listens for plain text HTTP
> connections (e.g., cache_peer is a Squid instance listening on an http_port).
> Just configure Squid to always go to that cache_peer (see never_direct
> directive documentation). When forwarding bumped traffic, Squid will send a
> plain text CONNECT request to that cache_peer (and forward TLS traffic inside
> that CONNECT tunnel).

Is it somehow possible to forward all bumped traffic to peer (never_direct) as plain http?

Client - (tls) - Squid - (plain http) - Peer - (tls) - Origin

Is it possible to make frontline Squid a TLS terminator (light cacher) while Peer will do heavy caching and Origin interaction?

> * ... may also be possible if that cache_peer is an originserver peer that
> listens for TLS connections (e.g., cache_peer is a Squid instance listening
> on an https_port in "accel" mode). I am not sure whether Squid has enough
> code to handle this configuration. Same never_direct configuration approach
> would apply here. When forwarding bumped traffic, Squid will open a TLS
> connection to that cache_peer.

> * ... is not possible if that cache_peer is a proxy that listens for TLS
> connections (e.g., cache_peer is a Squid instance listening on an https_port
> in the default forward proxy mode).

> HTH,
> Alex.

> P.S. "Peering support for SslBump" functionality was added in Squid v5, but
> you should use Squid v7+.

-- 
Best regards,
Anthony

_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
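
The first case in the quoted answer (bumping client traffic while always forwarding to a cache_peer that listens for plain text HTTP), written out as an added squid.conf example that is not part of the original thread. The peer hostname, the ports and the certificate path are placeholders chosen for illustration.

```conf
# Added example, not from the thread. Hostname, ports and file path
# below are placeholders (assumptions); adjust to the local setup.

# Client-facing forward-proxy port with SslBump enabled. The CA
# certificate and key in this file sign the generated host
# certificates, so clients must trust this CA and the file must be
# readable only by the Squid user.
http_port 3128 ssl-bump tls-cert=/etc/squid/bump-ca.pem generate-host-certificates=on

# Peek at the TLS client hello (SNI) first, then bump everything.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# Parent proxy listening for plain text HTTP on its http_port
# (the only peer type the quoted answer calls "should be possible").
cache_peer parent.example.internal parent 3128 0 no-query default

# Never contact origin servers directly: every request goes to the parent.
never_direct allow all

# Per the quoted answer, for bumped traffic Squid sends a plain text
# CONNECT to this parent and forwards TLS inside that tunnel. A parent
# on an https_port in forward proxy mode would need "TLS inside TLS",
# which the answer says Squid does not support yet.
```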
