Re: [squid-users] Re: ssl support

From: alp <alpheus@dont-contact.us>
Date: Fri, 13 Dec 2002 07:39:53 +0100

hi,
i am not sure if i have understood this correctly.
the ssl-update: is it for ssl-tunneling (via connect method) or also for
squid acting as a ssl-gateway.
can i use with the ssl-update (and squid as ssl-gateway) not only server
certificates on squid but also accepting client certificates.
or is the update only useful for ssl-tunneling?

moreover: i installed the ssl-patch and saw that a lot of new ssl-parameters
have been added together with a brief description.
but is there anywhere a documentation how to use them? e.g.: "clientca" in
relation to the https_port directive. (how have these cas to be used in
squid.conf???)
so it means to me that these client certificates may be used together with
ssl-gateway functionality!?

in addition, there are a lot new directives (ssl_proxy...). what is the
difference between these and the above mentioned concerning ssl-gateway
(cleintca, capath,...)

sorry for all these questions...but thx in advance,
alp

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "alp" <alpheus@gmx.de>
Cc: <squid-users@squid-cache.org>
Sent: Thursday, December 12, 2002 5:10 PM
Subject: Re: [squid-users] Re: ssl support

tor 2002-12-12 klockan 16.22 skrev alp:
> hi, very interesting.
> these new features in the patch:Žare they ony for client-certificates or
> also for having encrypted both ways: client-squid and squid-client???

SSL is always encrypted both ways. SSL creates an encrypted tunnel over
TCP where traffic in both directions is encrypted.

The SSL update however also includes allowing Squid to act as a SSL
client when retreiving content if this is what you ask for (client-squid
and squid-server), with certificate support allowing Squid to present a
certificate to the server if needed.

Regards
Henrik
Received on Thu Dec 12 2002 - 23:40:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:04 MST