Comment 10 for bug 1999909

Revision history for this message
David Torrey (dotj) wrote :

Adding to the background, the customer has business and technical reasons for the use of an HTTPS-based proxy for HTTPS URLs:

1) All communication that we leverage needs to be encrypted, and secured in any meaningful way necessary. A plain HTTP proxy would expose target URLs and proxy credentials.

2) The proxy aggregates traffic from multiple customers of their products and services, avoiding the need for each customer to manage their own whitelists.

3) Attempting to address this by squid config is not possible, as the TLS termination here is on a load balancer in front of the squid proxy. Squid is unaware that the initial proxy connection used TLS.

For those reasons, the workaround of using a plain HTTP-based proxy is not possible, nor is direct use of HTTPS to target URLs.

Thanks,
Dave
Canonical Support