On Mon, 2004-12-13 at 18:11, Henrik Nordstrom wrote:
> On Mon, 13 Dec 2004, Ow Mun Heng wrote:
>
> > So essentially this means that whatever's being transferred from the
> > client (via HTTPS), once it reaches the squid box, it will be sent
> > un-encrypted to the server?
>
> Lets put it this way:
>
> any requests accepted by the https_port directive is decrypted by Squid.
> All of this is only related to reverse proxies acting as web servers to
> the clients. In forward proxies to the Internet things works very
> differently using the CONNECT proxy method.
Right, exactly as I thought. hence, I presume, with the SSL update, then
squid can actually use the generated server-side cert and encrypt the
request to be forwareded to the backend server.
>
> > I believe all these are the requirements, if one were to run squid as a
> > surrograte proxy (in front) of a web-server (???)
> This because the SSL handshake
> involving client certificates requires a direct connection between the
> client and the server.
Again, with the SSL update the reasoning above would work.
(hmm.. Now, I need to figure out if Fedora's RPMS are patched for
SSL, not that I need it though)
-- Ow Mun Heng Gentoo/Linux on D600 1.4Ghz Neuromancer 18:19:55 up 9:14, 5 users, 0.35, 0.46, 0.40Received on Mon Dec 13 2004 - 03:23:23 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST