Re: Squid and SSL

From: Kathy Wu <kathywu@dont-contact.us>
Date: Tue, 23 Mar 1999 12:33:32 -0500

Thanks for the help. But I have some more questions, hope u can help me out!

In squid FAQ page, when talking about if squid support SSL, it says
"Squid can proxy SSL requests. By default, Squid will forward all SSL
requests directly to their origin servers. In firewall configurations, Squid
will forward all SSL requests to one other proxy, defined with the ssl_proxy
directive."

so does ssl_proxy directive does the SSL support? does it has any enryption
scheme built in?
If not, what do i do, when i need a proxy caching server that supports SSL?
Or do i have to add some software to squid to provide SSL support for
encryption?
Thanks..

Oskar Pearson wrote:

> Hi
>
> > I am trying to find out what encryption schemes are included ith Squid
> > for its SSL support, and whether there is a way to add additional ones.
> > I would appreciate any input! Thanks..
>
> Squid doesn't actually do any encryption: it simply acts as a
> tunnel between the client and the remote side.
>
> Essentially the client uses a CONNECT request instead of a GET
> request:
>
> GET http://www.linux.org/ HTTP/1.1
>
> Is replaced with:
>
> CONNECT www.linux.org:443 HTTP/1.1
>
> Squid then simply passes data through from the client to the server
> without interpreting it (and without saving a copy.)
>
> This can cause problems when people do this:
>
> CONNECT shell-server.domain.example:23 HTTP/1.1
>
> So the newer Squids only allow the port value to be reasonable values
> (443 and 563)
>
> Oskar
Received on Tue Mar 23 1999 - 10:34:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:23 MST