Re: [squid-users] Re: Reverse Proxy SSL + Certificates

From: Ow Mun Heng <[email protected]>
Date: Mon, 13 Dec 2004 10:56:43 +0800

On Fri, 2004-12-10 at 09:12, Henrik Nordstrom wrote:
> On Thu, 2 Dec 2004, David Delamarre wrote:
>
> > https_port 443
>
> You need to at an absolute minimum specify the SSL server certificate
> Squid should use while acceitping the SSL connection from the client.
>
> > client ======>reverse squid=====>Server
> > https https
>
> Squid-2.5 without SSL update is not capable of initiating SSL connections,
> only allowing you the following configuration
>
> client == HTTPS ==> squid == HTTP ==> Server

/Dumb question.

So essentially this means that whatever's being transferred from the
client (via HTTPS), once it reaches the squid box, it will be sent
un-encrypted to the server?

can you verify is this is true.

client --> Banking App (https) -->SquidBox --> BANK-Server (https)

Between squidbox and bank-server, is the communication encrypted?
(CONNECT?)

> This is required if your
> server require the use of client certificates etc as these can not be
> proxied.

I believe all these are the requirements, if one were to run squid as a
surrograte proxy (in front) of a web-server (???)

--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz 
Neuromancer 10:53:14 up 1:47, 5 users, 0.24, 0.29, 0.42 
Received on Sun Dec 12 2004 - 19:59:35 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST