> Who needs to know the client certificate? The Squid proxy or the real
> web server?

the squid_proxy<->FIREWALL<->squid_proxy portion.
Thanks again Henrik, I'll get squid upgraded.

----- Original Message -----
From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
To: "mlister" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, March 21, 2003 10:25 AM
Subject: Re: [squid-users] SSL<->SSL<->unencrypted, (was: provide external access)

> Fri 2003-03-21 at 15.39, mlister wrote:
> > Henrik I really appreciate the information you have provided me.
> > I'd like to clarify your last post so that I can then make my next
> > decision:
> >
> > > Squid-2.5 can provide SSL acceleration like
> > >
> > > clients -- https(SSL) --> Squid -- HTTP --> Web server
> >
> > here the clients would the clients use SSL? and above does
> > "HTTP" signify running an httpd daemon on the squid box
> > or is it just showing the HTTP proxy tunnel?
>
> What is written on top of the arrows signifies the protocol used for the
> connection.
>
> In Squid-2.5 acceleration with SSL clients use https(SSL) when speaking
> to Squid and Squid uses plain HTTP when talking to the web server.
>
> > > The use of https is also supported on peer proxy connections, allowing
> > >
> > > clients --> Squid -- https(SSL) --> Another Squid --> Web server
> >
> > again, would the clients be using SSL?
>
> You can actually select any combination.
>
> > > Note: proxying of the original client certificate is not possible due to
> > > the man-in-the-middle scenario of these configurations.
> >
> > I'm thinking this is ok since I only need the certificate to carry through
> > the firewall after which the SSL communication would need to end
> > internally.
>
> Who needs to know the client certificate? The Squid proxy or the real
> web server?
>
> > Thanks again. I understand that if I have to I can just resetup my internal
> > server config to run SSL where needed and really simplify this situation. I
> > initially want to see if the option to avoid this exists(will exist).
>
> Everything you need exists.
>
> --
> Henrik Nordstrom <[EMAIL PROTECTED]>
> MARA Systems AB, Sweden
