RE: [squid-users] Accelerator Mode question

From: Paolo Biancolli <[email protected]>
Date: Fri, 31 Mar 2006 16:35:44 +0200

I have downloaded the patch and will install it.

After I have done this do I configure the https_port option (https_port
443 cert=/usr/local/squid/ssl/test_cert.pem
key=/usr/local/squid/ssl/test_key.pem) or do I configure the http_port
option (http_port 443)?

Once I have installed and configured the ssl patch, will squid 'pass'
the traffic on as http://my.domain:443 or as https://my.domain?

Many thanks
Paolo Biancolli

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: 31 March 2006 01:57 PM
To: Paolo Biancolli
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Accelerator Mode question

fre 2006-03-31 klockan 08:56 +0200 skrev Paolo Biancolli:

> Thanks for the reply. Does this mean if I need to authenticate to a
> server over ssl through a squid reverse proxy, I won't be able to as
> the ssl session terminates at squid and then a new one starts up to
> the backend server?

You can't use a client-side certificate as user authentication to the
backend server no. But in theory can it be used for identification
purposes to Squid, and Squid can even provide it's own client-side
certificate for authenticating Squid to the backend server.

I say in theory above about client side certificate authentication to
Squid as the implementation of certificate validation isn't fully
finished and some work remains.

> Where can I get the ssl patch from?

devel.squid-cache.org.

Regards
Henrik
Received on Fri Mar 31 2006 - 07:36:14 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:05 MST