Score:1

Squid as an explicit & terminated forward proxy / bridge


Background: we've got some "old" IoT devices running an older SSL stack that must connect to a newer server over HTTPS.

We'd like to set up a forward proxy / bridge so that:

  1. Device uses its own terminated TLS to proxy (using old SSL)
  2. Device sends HTTP/CONNECT with remote server URL (https) (+ basic authentication)
    • note: remote server URL is unknown / dynamic, hence pushed with CONNECT.
  3. Proxy uses its own terminated TLS to remote https server (using newer SSL)
  4. Once established:
    • device sends plain-text HTTP/GET
    • proxy bridges plain-text traffic

We realize that this is not proper CONNECT tunneling, as the device HTTP traffic is in plain text (vs. tunneled TLS).

Is this setup possible at all with Squid? We cannot find any doc or sample for this use case.

Steffen Ullrich:
Step 1 and step 4 seem to contradict each other. Either the device is using its own old SSL (step 1) or it communicates in plain (step 4). If you just want to bridge the old SSL to the new TLS you can [use squid as an intercepting proxy](https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit) - as long as squid can communicate with the older client and its older SSL.
smertrios:
@SteffenUllrich thank you, I'll check the provided link.
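As an added example (not from this thread, from the Squid project, or from the linked wiki page), here is a squid.conf that follows the SslBumpExplicit pattern referenced in the comment above, adapted to the question's setup: devices authenticate with HTTP Basic, reach the proxy over TLS on a dedicated `https_port`, and Squid bumps the CONNECT so the device's older TLS ends at Squid while Squid opens its own newer TLS session to the origin. Consistent with the comment, the device has to speak TLS inside the CONNECT tunnel; plain-text HTTP inside the tunnel (step 4 of the question) is not something this configuration handles. It assumes Squid 4 or later for the `tls-*` option names; the certificate and key paths, the port number, the password file, the CA bundle path, and the use of `ssl-bump` on an `https_port` (the linked page uses `http_port`) are assumptions to check against your Squid build with `squid -k parse`.

```conf
# Added example, not the thread's or the Squid project's own configuration.
# All file paths, the port and the realm are assumptions; adjust to your deployment.

# Basic authentication for the CONNECT request.
# basic_ncsa_auth reads an htpasswd-style file; its path varies by distribution.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm device-proxy
auth_param basic credentialsttl 2 hours
acl authenticated proxy_auth REQUIRED

# Only authenticated clients may CONNECT, and only to the HTTPS port.
# Restricting CONNECT targets keeps the proxy from becoming an open relay.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow authenticated
http_access deny all

# Device-facing listener: devices open TLS to the proxy itself (the
# "terminated TLS to proxy" leg). tls-min-version is lowered ONLY here,
# because the devices cannot negotiate newer versions; the origin-facing
# side below keeps a modern minimum. proxy-ca.pem must be trusted by the devices.
https_port 3129 ssl-bump \
    tls-cert=/etc/squid/proxy-ca.pem \
    tls-key=/etc/squid/proxy-ca.key \
    tls-min-version=1.0 \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB

# Helper that mints per-origin certificates signed by proxy-ca.pem.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Peek at the ClientHello to learn the requested origin, then bump:
# the device's TLS session ends at Squid, and Squid re-encrypts upstream.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# Origin-facing TLS: Squid's own stack, verifying the origin certificate
# against the system CA bundle and refusing anything below TLS 1.2.
tls_outgoing_options cafile=/etc/ssl/certs/ca-certificates.crt \
    min-version=1.2

# The proxy is a bridge only: never cache device traffic, but do log it.
cache deny all
access_log /var/log/squid/access.log squid
```

Two points worth checking after loading this: the device must trust `proxy-ca.pem` both for the connection to port 3129 and for the per-origin certificates Squid generates inside the tunnel, otherwise the bumped session fails at the device; and because the lowered `tls-min-version` applies only to the device-facing listener, the `tls_outgoing_options` line is what guarantees the origin leg uses the newer stack the question asks for.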