Re: [squid-users] HTTPS sites

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Fri, 5 Oct 2001 09:51:36 +1000 (EST)

Hi,

Normally, what happens with https: is the following:

browser connects to proxy
browser says "CONNECT www.squid-cache.org 443"
proxy makes connection to www.squid-cache.org on port 443
browser starts SSL conversation with server
proxy ferries encrypted packets back and forth between server and browser

So, (as everyone seems to miss) the proxy only ever sees encrypted
packets. It doesn't know what's in them and cannot find out since it was
never a party to the original encrypted session setup.

Colin

On Thu, 4 Oct 2001, Deb Heller-Evans wrote:

>
> Trying to understand another issue - it has been said that squid
> shouldn't be interception proxying requests to HTTPS sites, since
> they can't be cached, and the client hits the site directly.
>
> My question: are requests on port 443 (HTTPS) not intercepted for
> proxying because they might contain "secure" information? In my
> configuration, if I don't intercept this, and let them hit the
> site directly, then the request bypasses my VirusWall.
>
Received on Thu Oct 04 2001 - 17:52:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:37 MST