[squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump

Amos Jeffries squid3 at treenet.co.nz
Mon Oct 20 16:35:30 UTC 2025

Previous message (by thread): [squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump
Next message (by thread): [squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 20/10/2025 22:29, Gonzalo Vázquez Enjamio wrote:
> Thanks for the reply.
> 
> My question is if it would be possible to log HTTPS traffic, in a Squid 
> in transparent mode, without intercepting the traffic?
> 

You are a bit confused there. "transparent mode" is interception.

Consider - how is Squid to know what the **encoded** traffic is?

"outside" the encryption there is:
   * a TCP handshake, and
   * a CONNECT request (possibly created by Squid from those TCP 
handshake details), and
   * a TLS handshake

Those details can be logged. Everything else is encrypted.

> I know it's possible with a proxy in explicit mode, but in transparent mode?
> 

The only difference between explicit proxy and intercepted is the values 
the TCP and CONNECT pieces contain. The parts that are available are the 
same.

An explicit proxy listening on port 443 **is** decrypting the traffic. 
That is why it can be logged.

HTH
Amos

Previous message (by thread): [squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump
Next message (by thread): [squid-users] HTTPS Requests in a Transparent Proxy without SSL Bump
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list