On Tue, Mar 25, 2003, gili gili wrote about "SLL gateway":
> I'm trying to set up a SLL gateway, what I mean is to create one server,
> and behind him all my http & https server. The client connect to the "SLL
> gateway" in https, the "SLL gateway" unwrap the https read the http header,
> My questions are:
> 1) Is this architecture looks reasonable, or am I fighting windmills???

I don't know if this is possible in squid, I never actually tried to use
Squid with SSL, but it is certainly possible to run Apache + Mod_ssl in the
mode you describe (if I understood correctly what you described).

Another thing you'll need to worry about is that SSL work, especially the
server-side RSA, is pretty slow, so unless you get a hardware acceleration
card for SSL, the performance of this setup might disappoint you.

Several companies also sell integrated devices which do the things you
describe, which are called "SSL accelerators", and are probably better in
performance, scalability, and security than some setup you'll concoct
yourself in an afternoon. One of these companies is Radware
(www.radware.com), an Israeli company I work for; Radware's SSL Accelerator
is called "CertainT 100".

> 3) If any one tried this kind of things (SLL reverse proxy, SLL wrappers,
> etc), can U give me some millstones?

"Stunnel" is a decent SSL wrapper. It might, or might not, be enough for
your needs.

P.S. It's "SSL" (Secure Socket Layer), not SLL.

-- 
Nadav Har'El                        | Wednesday, Mar 26 2003, 22 Adar II 5763
[EMAIL PROTECTED]                   |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |I planted some bird seed. A bird came up.
http://nadav.harel.org.il           |Now I don't know what to feed it...
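
The Apache + mod_ssl mode mentioned in the reply above, sketched as an added example that is not part of the original message: one virtual host terminates SSL/TLS and forwards requests to internal HTTP and HTTPS servers. The hostname, certificate paths, URL prefixes and backend addresses are all assumed placeholders, and the directives are written for Apache 2.4.

```apache
# Added example; every name, path and address below is a placeholder.
# Assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded.
Listen 443

<VirtualHost *:443>
    ServerName gateway.example.com

    # The gateway holds the certificate and private key and terminates the
    # client's HTTPS connection here.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/gateway.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/gateway.example.com.key
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Reverse proxy only. Leaving forward proxying enabled would turn the
    # gateway into an open proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Tell backends the original request arrived over HTTPS, replacing any
    # value the client supplied.
    RequestHeader set X-Forwarded-Proto "https"

    # Plain-HTTP backend: traffic behind the gateway is unencrypted, so
    # this hop must stay on a trusted network segment.
    ProxyPass        /app1/ http://10.0.0.11:80/
    ProxyPassReverse /app1/ http://10.0.0.11:80/

    # HTTPS backend: the gateway re-encrypts and verifies the backend's
    # certificate against an internal CA.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.crt
    ProxyPass        /app2/ https://app2.internal.example.com/
    ProxyPassReverse /app2/ https://app2.internal.example.com/
</VirtualHost>
```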