Squid-2.5 can provide SSL acceleration like

   clients -- https(SSL) --> Squid -- HTTP --> Web server

Squid-3.0 will also provide https proxy capability on the backend, allowing

   clients --> Squid (decrypted) -- https(SSL) -> Web server

This functionality is also available as a patch to Squid-2.5 from http://devel.squid-cache.org/

The use of https is also supported on peer proxy connections, allowing

   clients --> Squid -- https(SSL) --> Another Squid --> Web server

And in both cases Squid can also optionally present a "client certificate" to the SSL peer, specified in squid.conf.

Note: proxying of the original client certificate is not possible due to the man-in-the-middle scenario of these configurations.

Regards
Henrik

mlister wrote:
>
> It's looking as if squid is only intended to use tunnel connections, i.e. SSL,
> and that I couldn't do this kind of acceleration/conversion with squid
> alone.......
>
> ----- Original Message -----
> From: "mlister" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 20, 2003 2:44 PM
> Subject: [squid-users] SSL<->SSL<->unencrypted, (was: provide external
> access)
>
> > This is great. I set up an accelerator box and it's working. What I would
> > like to do next is talk SSL between two squid boxes (firewall will be in
> > between them).
> > The communication to the web server from SQUID2 should be
> > unencrypted.
> >
> > [ accelerator ] <--> [ FIREWALL ] <--> [ accelerator ] <--> [ webserver ]
> >     <-SSL->           <-SSL->      <-SSL::UNENCRYPTED->   <-UNENCRYPTED->
> >     SQUID1                               SQUID2
> >
> > For now, I have two squid boxes running. The FIREWALL is currently not
> > part of the setup for the sake of troubleshooting. The SQUID1 is
> > accelerating SQUID2, which in turn is accelerating the webserver.
> > This is working as far as unencrypted communication.
> > When I try https from the first squid box, I believe it's trying to do ssl
> > with the webserver, which of course breaks.
> > I added the following line in the configuration:
> >
> > https_port 443 cert=/etc/httpd/ssl.crt/server.crt key=/etc/httpd/ssl.key/server.key
> >
> > on SQUID1
> >
> > Is this configuration possible? Thanks for any insight from anyone.
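
The chain discussed in this thread (clients -- SSL --> SQUID1 -- SSL --> SQUID2 -- HTTP --> web server), sketched as an added squid.conf example that is not part of the original messages. It assumes Squid-3.0 directive syntax; the host names, the address 192.0.2.10, the site name and the /etc/squid/ file paths are constructed placeholders, and only the SQUID1 certificate paths come from the question.

```conf
# ---- SQUID1 (outside the firewall) ----
# Terminate SSL from clients (certificate paths as posted in the question).
https_port 443 cert=/etc/httpd/ssl.crt/server.crt key=/etc/httpd/ssl.key/server.key accel defaultsite=www.example.com

# Re-encrypt towards SQUID2. "ssl" turns on SSL for this peer; sslcafile= and
# ssldomain= make SQUID1 verify SQUID2's certificate and name, so the hop
# across the firewall is authenticated as well as encrypted.
# sslcert=/sslkey= are the optional client certificate Squid itself presents.
cache_peer squid2.internal.example parent 443 0 no-query originserver ssl sslcafile=/etc/squid/internal-ca.pem ssldomain=squid2.internal.example sslcert=/etc/squid/squid1-client.crt sslkey=/etc/squid/squid1-client.key name=squid2

# ---- SQUID2 (inside the firewall) ----
# Terminate SSL from SQUID1. clientca= requests a client certificate issued
# by the internal CA, so only SQUID1 can use this listener.
https_port 443 cert=/etc/squid/squid2.crt key=/etc/squid/squid2.key clientca=/etc/squid/internal-ca.pem accel defaultsite=www.example.com

# Plain HTTP to the web server: no "ssl" option on this peer.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=webserver
```

The client certificate SQUID2 sees is SQUID1's own, not the browser's, which matches the note above that the original client certificate cannot be proxied.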
