Re: [squid-users] SSL<->SSL<->unencrypted, (was: provide external access)

From: mlister <mailme@dont-contact.us>
Date: Fri, 21 Mar 2003 09:39:17 -0500

Henrik I really appreciate the information you have provided me.
I'd like to clarify your last post so that I can then make my next
descision:

> Squid-2.5 can provide SSL acceleration like
>
> clients -- https(SSL) --> Squid -- HTTP --> Web server
>
here the clients would the clients use SSL? and above does
"HTTP" signify running an httpd daemon on the squid box
or is it just showing the HTTP proxy tunnel?

> This functionality is also available as a patch to Squid-2.5 from
> http://devel.squid-cache.org/
>
> The use of https is also supported on peer proxy connections, allowing
>
> clients --> Squid -- https(SSL) --> Another Squid --> Web server
again, would the clients be using SSL?

> And in both cases Squid can also optionally present a "client
> certificate" to the SSL peer, specified in squid.conf.
>
> Note: proxying of the original client certificate is not possible due to
> the man-in-the-middle scenario of these configurations.
I'm thinking this is ok sense I only need the certificate to carry through
the firewall afterwhich the SSL communication would need to end
internally.

> Regards
> Henrik

Thanks again. I understand that if I have to I can just resetup my internal
server config to run SSL where needed and really simply this situation. I
initially want to see if the option to avoid this exists(will exist).
Received on Fri Mar 21 2003 - 07:39:21 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:18 MST