Re: [squid-users] Re: Reverse Proxy SSL + Certificates

From: Ow Mun Heng <[email protected]>
Date: Mon, 13 Dec 2004 18:22:53 +0800

On Mon, 2004-12-13 at 18:11, Henrik Nordstrom wrote:
> On Mon, 13 Dec 2004, Ow Mun Heng wrote:
>
> > So essentially this means that whatever's being transferred from the
> > client (via HTTPS), once it reaches the squid box, it will be sent
> > un-encrypted to the server?
>
> Lets put it this way:
>
> any requests accepted by the https_port directive is decrypted by Squid.

> All of this is only related to reverse proxies acting as web servers to
> the clients. In forward proxies to the Internet things works very
> differently using the CONNECT proxy method.

Right, exactly as I thought. hence, I presume, with the SSL update, then
squid can actually use the generated server-side cert and encrypt the
request to be forwareded to the backend server.

>
> > I believe all these are the requirements, if one were to run squid as a
> > surrograte proxy (in front) of a web-server (???)

> This because the SSL handshake
> involving client certificates requires a direct connection between the
> client and the server.

Again, with the SSL update the reasoning above would work.

(hmm.. Now, I need to figure out if Fedora's RPMS are patched for
 SSL, not that I need it though)

--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz 
Neuromancer 18:19:55 up 9:14, 5 users, 0.35, 0.46, 0.40 
Received on Mon Dec 13 2004 - 03:23:23 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:02 MST