Hi,
On Fri, 27 Jul 2001, Luzynski, Steve wrote:
> I'm attempting to set up a reverse proxy to 'hide' a pile of NT web servers
> behind. I got the virtual host part all working great, but I'm struggling
> with SSL. Can squid reverse SSL? The docs aren't absolutely clear on it and
> I've found conflicting answers all over the web...
Thinnk about how it works. You have an excrypted session. The only systems
that can decrypt the session are those with the keys. That means, you can:
1) run encrypted from browser to reverse proxy and clear text from proxy
to httpd, OR
2) run clear text from browser to reverse proxy and encrypted from proxy
to httpd, OR
3) run encrypted from browser to reverse proxy and A DIFFERENT encrypted
session from proxy to httpd
Option #2 is pointless.
Option #1 is supported by squid.
Option #3 is supported by Netscape proxy server.
Because of its nature you can never run an encrypted session all the way.
No interposed body can see the stream without unencrypting it for which it
needs the keys.
Colin
-- Colin Campbell Unix Support/Postmaster/Hostmaster CITEC +61 7 3006 4710Received on Sun Jul 29 2001 - 17:37:10 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:20 MST