Re: SSL acelerator

From: Michael Ju. Tokarev <mjt@dont-contact.us>
Date: Mon, 20 Mar 2000 18:14:59 +0300

SSL session is encrypted so that only browser and an http server can decrypt it.
Squid passes all data encrypted, and it can't even see individual requests
and responces, all that it sees is a stream to/from both ends.
However, if you speak about https-accelerator mode (e.g. so that squid installed
near http server and caches it's responces to outside world), then
it _is_ possible already (but, please, do not ask me how - i should test
this, here is just some ideas):
  install your http server _without_ SSL support
  install squid near it and configure plain http-accelerator mode
   as usual
  install something like stunnel listening on you'r server https port,
   and point it to squid.
  do not allow external connections to squid and to http server.
This way you can connect to https port with ssl (to stunnel),
that will redirect traffic to squid (securely inside only your machine),
that will redirect to real http server (also with the same security).
Only one issue here about that I don't know anything is -- is it possible
to use stunnel (or similar) here? e.g. is it will looks like ssl-enabled
server?

"Jimenez Vallina, Juan" wrote:
>
> > Can Squid support SSL accelerator, like actualy support http acelerator?
> >
> >
> > It's suitable to support it on future release?
> >
> >
> > thanks in advance
> >
> > Juan Jimenez
> > jjimenez@viesgo.es
> >
Received on Mon Mar 20 2000 - 08:19:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:18 MST