[squid-dev] forward bumped traffic to parent in plain form

Alex Rousskov rousskov at measurement-factory.com
Thu Apr 16 20:05:40 UTC 2026

Previous message (by thread): [squid-dev] forward bumped traffic to parent in plain form
Next message (by thread): [squid-dev] form PROXY header for cache_peer requests
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2026-04-16 10:36, Anthony Pankov wrote:
> Thursday, April 16, 2026, 4:15:12 PM, you wrote:
>> On 2026-04-16 07:41, Anthony Pankov wrote:
> 
>>>> Alex: AFAICT, according to SslPeekAndSplice, after step1, Squid interprets "bump" as
>>>> * "talk to the server and then respond to the client" rather than
>>>> * "respond to the client and then talk to the server".
> 
> 
>>> If a bump after step1 defined as "talk to the server and then respond
>>> to the client" consequently Squid should not allow any "client-first"
>>> modes.
> 
>> Today, Squid probably does not support "respond to the client and then talk to the server" behavior after step1. Assuming that is true:
> 
>> * That current code state does not imply that Squid "should not" support such behavior in the future.
> 
>> * It implies that if Squid gains such support in the future, then that support is likely to require changes in how Squid configuration is interpreted, probably either by adding new actions (to preserve behavior of existing deployments) or allowing the existing "client-first" action beyond step1 (with a risk of breaking a few existing deployments that still use that currently deprecated action).

> Why I was asking was to know is there any roadmap for introducing new
> actions or modifying configuration interpretation to do my changes
> accordingly.

There is not. My earlier suggestions is the best I can offer as far as 
"roadmap" for new ssl_bump actions (or reinterpreting the existing but 
deprecated client-first action) is concerned (in this email thread 
context), but those suggestions are not official and (obviously) not 
comprehensive/polished/tested/etc.

If eventual official acceptance of your changes is critical, then it may 
be best to start with a proposal that details what you want to change. 
So far, I assumed that you mostly care about "working code" for your 
specific use case, allowing you to avoid the high burden of creating and 
passing official proposal review in this messy and poorly understood 
SslBump context.

Alex.

Previous message (by thread): [squid-dev] forward bumped traffic to parent in plain form
Next message (by thread): [squid-dev] form PROXY header for cache_peer requests
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-dev mailing list