Many thanks for pointing me to the good direction, Henrik.
This looks pretty much excatly what I have been looking for for some
time ;-)
The code looks good, but I'm not easy with OpenSSL (I would have
written it either, huh !)
Do you have any feed back of production use on heavy traffic sites or
is it still early beta ?
Do you plan to merge it with the mainstream code so day ?
Paul,
happy ;-))
Henrik Nordstrom wrote:
>
> If you are talking about accelerators or surrogates then please say so.
> The rules for those are very different compared to a normal proxy.
>
> For SSL accelerator support in Squid, see
> http://squid.sourceforge.net/projects.html#ssl
>
> --
> Henrik Nordstrom
> Squid hacker
>
> Paul Boyer wrote:
> >
> > The way I understand the initial question was to proxy SSL WITH
> > BROWSER KNOWLEDGE.
> > this would be of great help for example in accelerator mode :
> >
> > client --- ssl ---> Squid --- http ---> server
> >
> > 1- The web server would not have to handle the encryption task: gain
> > of performance and possibility to use an existing web server without
> > good ssl support
> > 2- The traffic could be monitored for hostile activity by an intrusion
> > detection tool (lets say snort) on the hub between the squid and the
> > Web server
> >
> > I agree with you, that kind of tool would also be usefull for some bad
> > guys willing to set-up a man-in-the-middle attack.
> >
> > Anyway, Macrosoft "proxy server" can do it, since several years.
> >
> > Paul Boyer
> >
> > Henrik Nordstrom wrote:
> > >
> > > senthilvasan wrote:
> > > >
> > > > I realise that squid can only tunel SSL. Do you know any other SSL proxy
> > > > that works like a real proxy, (decrypts and encrypts in the proxy level)? If
> > > > I find such a proxy, all my problems will be solved..
> > >
> > > As I said that you CANNOT DO THAT unless you first cracking the SSL
> > > encryption. The browser will reject the SSL connection if thouched by
> > > any host now knowing the private encryption key of the server.
> > >
> > > It is not a matter of Squid. It is a matter of how SSL works.
> > >
> > > --
> > > Henrik Nordstrom
> > > Squid hacker
> > >
> > > --
> > > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Nov 01 2000 - 15:26:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:13 MST