I'm many months late, but I happened to come across this thread while going 
through the archives. I have in fact been using Squid to work around https 
issues on an older system, in my case OS X 10.9. 

Squid's documentation is difficult to decipher, so it took me a solid day to 
get everything set up! But, my working configuration file is as follows:

http_port 3128 ssl-bump generate-host-certificates=on cert=/Library/Squid/Certificates/squid.pem key=/Library/Squid/Certificates/squid-key.pem

tls_outgoing_options cafile=/Library/Squid/Certificates/cacert.pem
sslcrtd_program /Library/Squid/security_file_certgen

acl excluded_domains ssl::server_name .pypi.org .pythonhosted.org
acl apple_domains ssl::server_name_regex ess\.apple\.com$ ^sw.*\.apple\.com$
acl local_addresses ssl::server_name_regex ^192\.[0-9]+\.[0-9]+\.[0-9]+$ ^10\.[0-9]+\.[0-9]+\.[0-9]+$ ^172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+$
acl loopback_addresses ssl::server_name_regex ^127\.[0-9]+\.[0-9]+\.[0-9]+$ ^::1$
acl excluded any-of excluded_domains apple_domains local_addresses loopback_addresses
ssl_bump splice excluded
ssl_bump bump all

acl fetched_certificate transaction_initiator certificate-fetching
cache allow fetched_certificate 
http_access allow fetched_certificate
sslproxy_cert_error deny all

http_access allow localhost
http_access deny to_localhost
http_access deny all

This config file assumes there's a root cert in 
/Library/Squid/Certificates/squid.pem and a key in 
/Library/Squid/Certificates/squid-key.pem. The excluded domains can be adjusted 
if desired; `apple_domains` fixes issues with some built-in Apple services that 
appear to use certificate pinning (iMessage, App Store), and `local_addresses` 
fixed some issues with docker-machine. You can also exclude specific domains 
from the proxy within OS X's System Preferences.

If your old system happens to be one of 10.6–10.9, and you'd like to run Squid 
on the Mac itself as opposed to on an external router, I put 
together a little automagic installer here. The readme contains some additional 
instructions on adding a certificate to Keychain Access that may be useful even 
if you're going the different-device route. 
https://jonathanalland.com/downloads/wowfunhappy-https-proxy.dmg

I would recommend that basically anyone on an old system consider setting up 
something like this! It fixes a lot of stuff!
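Since a spliced connection is tunneled through without the proxy's TLS handling, it is worth knowing exactly which SNI names the `excluded` ACL above lets past. The following script is an added illustration, not code from the post or from the Squid project: it transcribes the splice ACLs from the config and evaluates them under Squid's documented matching rules (leading-dot suffix match for ssl::server_name, regexec-style unanchored search for ssl::server_name_regex; case-insensitive host comparison is an assumption here), which shows for example that `^192\.` covers all of 192.0.0.0/8 rather than only 192.168.0.0/16, while `172.32.0.1` is still bumped.

```python
import re

# Splice ("do not intercept") ACLs transcribed from the squid.conf in the post above.
# Hosts matching any of these are spliced; everything else is bumped.
SERVER_NAME_ACLS = {
    "excluded_domains": [".pypi.org", ".pythonhosted.org"],
}
SERVER_NAME_REGEX_ACLS = {
    "apple_domains": [r"ess\.apple\.com$", r"^sw.*\.apple\.com$"],
    "local_addresses": [
        r"^192\.[0-9]+\.[0-9]+\.[0-9]+$",
        r"^10\.[0-9]+\.[0-9]+\.[0-9]+$",
        r"^172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+$",
    ],
    "loopback_addresses": [r"^127\.[0-9]+\.[0-9]+\.[0-9]+$", r"^::1$"],
}


def server_name_match(pattern: str, host: str) -> bool:
    """dstdomain-style match used by ssl::server_name: a leading dot matches the
    domain itself and every subdomain; without a leading dot the match is exact."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def matching_acls(host: str) -> list:
    """Names of the splice ACLs that the SNI host name matches, in config order."""
    host = host.lower()  # assumption: host names are compared case-insensitively
    hits = [n for n, pats in SERVER_NAME_ACLS.items()
            if any(server_name_match(p, host) for p in pats)]
    # regex ACLs behave like regexec(): unanchored unless the pattern uses ^ or $
    hits += [n for n, pats in SERVER_NAME_REGEX_ACLS.items()
             if any(re.search(p, host) for p in pats)]
    return hits


def ssl_bump_action(host: str) -> str:
    """Mirror the two ssl_bump lines: 'splice excluded', then 'bump all'."""
    return "splice" if matching_acls(host) else "bump"


if __name__ == "__main__":
    # constructed sample SNI names, chosen to show how wide or narrow each rule is
    for h in ["pypi.org", "files.pythonhosted.org", "notpypi.org", "swscan.apple.com",
              "www.apple.com", "192.168.1.10", "192.0.2.1", "172.32.0.1", "::1", "github.com"]:
        print(f"{h:28} {ssl_bump_action(h):6} {','.join(matching_acls(h))}")
```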
