Re: [squid-users] Reverse proxy (SSL) help

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Mon, 30 Jul 2001 09:34:20 +1000 (EST)

Hi,

On Fri, 27 Jul 2001, Luzynski, Steve wrote:

> I'm attempting to set up a reverse proxy to 'hide' a pile of NT web servers
> behind. I got the virtual host part all working great, but I'm struggling
> with SSL. Can squid reverse SSL? The docs aren't absolutely clear on it and
> I've found conflicting answers all over the web...

Think about how it works. You have an encrypted session. The only systems
that can decrypt the session are those with the keys. That means, you can:

1) run encrypted from browser to reverse proxy and clear text from proxy
   to httpd, OR

2) run clear text from browser to reverse proxy and encrypted from proxy
   to httpd, OR

3) run encrypted from browser to reverse proxy and A DIFFERENT encrypted
   session from proxy to httpd

Option #2 is pointless.
Option #1 is supported by squid.
Option #3 is supported by Netscape proxy server.

Because of its nature you can never run an encrypted session all the way.
No interposed body can see the stream without unencrypting it, for which it
needs the keys.

Colin

--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3006 4710
Received on Sun Jul 29 2001 - 17:37:10 MDT
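
Option #1 from the message above, sketched as a squid.conf fragment. This is an added example, not part of the original post and not configuration from the Squid project. It assumes the later Squid 3.x-style accelerator syntax (directive names differ between Squid versions), and the hostname, address and file paths are placeholders.

```conf
# Added example: option #1 (encrypted browser -> proxy, clear text proxy -> httpd).
# Assumed: Squid 3.x-style syntax; www.example.com, 192.0.2.10 and the
# certificate paths are placeholders, not values from the original message.

# Browser-facing leg: Squid holds the site's certificate and private key,
# so it is the endpoint that decrypts the session.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/certs/www.example.com.crt key=/etc/squid/certs/www.example.com.key

# Back-end leg: plain HTTP to the origin web server on port 80.
# Everything on this hop is readable on the wire, so keep it on a
# network segment that only the proxy and the web servers can reach.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin_clear

# Only accept requests for the published site and only send those
# requests to the origin; everything else is refused.
acl published_site dstdomain www.example.com
http_access allow published_site
http_access deny all
cache_peer_access origin_clear allow published_site
cache_peer_access origin_clear deny all
```

The private key file should be readable only by the account Squid runs as, since whoever holds it can decrypt the browser-facing sessions.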
