Hi. On Sat, Jul 20, 2019 at 08:28:30AM -0700, pe...@easthope.ca wrote: > * From: Reco �recovery...@enotuniq.net� > * Date: Thu, 18 Jul 2019 10:13:58 +0300 > > For the whole Internet - *maybe* (and that's a big one) squid can do > > the job. > > The story here is a different case but gives me some ideas to understand. > https://serverfault.com/questions/907490/forward-proxy-convert-http-to-https > > There "http" is rewritten to "https". In my case, URL rewriting is > not necessary; this browser specifies the correct URL. The only > deficiency is to apply TLS. > > The example also specifies a client certificate. Except to access a site > requiring a client certificate, that configuration shouldn't be necessary. > > So to my naive understanding, all that is required of squid is to apply TLS > to the communication.
I always considered squid somewhat heavyweight. I mean, the thing can do lots of stuff. But most of the time it looks the same as using a heavy truck to move a shopping bag - i.e. definitely possible, but something that probably can be avoided. > > Most probably you'll need a very creative usage of ProxHTTPSProxy > > (not in Debian) or its equivalent. > > What can squid fail to do? In this case - nothing. But we're comparing here a multipurpose forward proxy (squid) with a tool that's specifically designed to do two jobs - convert HTTPS to HTTP (unneeded here) and convert HTTP back to HTTPS. Reco
