On Mon, 2004-12-13 at 18:11, Henrik Nordstrom wrote: > On Mon, 13 Dec 2004, Ow Mun Heng wrote: > > > So essentially this means that whatever's being transferred from the > > client (via HTTPS), once it reaches the squid box, it will be sent > > un-encrypted to the server? > > Lets put it this way: > > any requests accepted by the https_port directive is decrypted by Squid.
> All of this is only related to reverse proxies acting as web servers to > the clients. In forward proxies to the Internet things works very > differently using the CONNECT proxy method. Right, exactly as I thought. hence, I presume, with the SSL update, then squid can actually use the generated server-side cert and encrypt the request to be forwareded to the backend server. > > > I believe all these are the requirements, if one were to run squid as a > > surrograte proxy (in front) of a web-server (???) > This because the SSL handshake > involving client certificates requires a direct connection between the > client and the server. Again, with the SSL update the reasoning above would work. (hmm.. Now, I need to figure out if Fedora's RPMS are patched for SSL, not that I need it though) -- Ow Mun Heng Gentoo/Linux on D600 1.4Ghz Neuromancer 18:19:55 up 9:14, 5 users, 0.35, 0.46, 0.40
