Re: AW: [squid-users] HTTP/1.1 reverse Proxy over SSL?

From: Robert Collins <[email protected]>
Date: Fri, 03 Oct 2003 17:52:13 +1000

On Thu, 2003-10-02 at 20:55, mailinglists wrote:
> Hi
>
> I know that Squid 2.5 doesn't support host headers if used in a ssl environment as yours.
> What you intend to do can be done if you use 1 squid box per 1 M$ www box.
> However I unfortunately can't say anything about Squid 3.0.

Usage of Host headers with SSL (as opposed to TLS) is impossible without
generating certificate verification failures, as the Host header is
handed over -after- the SSL negotiation. What you can do is bind
multiple IP aliases to the squid box, and have squid listen on each ip
with a different certificate. I.e. no need for multiple squids to have
multiple ssl sites.

Rob

-- 
GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.

Received on Fri Oct 03 2003 - 01:52:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:17 MST