Re: [squid-users] still having problems with Mircosoft Update

From: Kevin <kkadow@dont-contact.us>
Date: Thu, 4 Aug 2005 17:02:34 -0500

Are other SSL sites working for you?

To my knowledge, you cannot proxy SSL connections through a transparent
HTTP proxy at all -- you need to permit (not redirect) TCP/443 sessions
outbound via your packet filter or a TCP "plug proxy" when deploying squid
in transparent mode (One of many reasons I do not use transparent mode proxy).

When using an explicit proxy (client is configured or autoconfigured to know
that it needs to go to your squid service to proxy requests out) it is
possible to
proxy outbound HTTP/HTTPS/FTP sessions via Squid because the client is
aware that there is a proxy.

In any case, the SSL content cannot be cached, so the only advantages of
routing the HTTPS traffic through squid are unified logging and access control.

Kevin Kadow
Received on Thu Aug 04 2005 - 16:02:42 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT