I have an upstream proxy that requires HTTPS. I want all traffic to use this parent proxy. My current configuration looks like this:

    acl localnet src 172.0.0.0/8 # RFC 1918 local private network (LAN)
    acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
    http_access allow localhost manager
    include /etc/squid/conf.d/*.conf
    http_access allow all
    http_port 3128
    cache_peer myproxy.provider.com parent 443 0 default login=username:password tls ssldomain=myproxy.provider.com
    never_direct allow all

When attempting to connect, I get 502 Bad Gateway, and looking at packet traces I see that the Client Hello to my proxy provider does not include the SNI field (I'm expecting to see myproxy.provider.com).
I'm using Squid 5.2 inside this Docker container: https://hub.docker.com/r/ubuntu/squid .
Log entries for an HTTPS request through this proxy and an HTTP request through this proxy are below:

    1663639170.630 404 172.17.0.1 TCP_TUNNEL/502 0 CONNECT ipinfo.io:443 - FIRSTUP_PARENT/<ipaddr> -
    1663642918.552 437 172.17.0.1 TCP_MISS/502 3901 GET http://ipinfo.io/ - FIRSTUP_PARENT/<ipaddr> text/html

How can I configure Squid to use the cache_peer hostname as the SNI field in the TLS session setup? I feel like I'm missing something fundamental here but can't find docs that help.