On Thu, 26 May 2005, Henrik Nordstrom wrote:
> On Tue, 17 May 2005 Angel del Peso Martin@marquina.sgae.es wrote:
>
>> we're trying to install squid 2.5 stable 6 on Red Hat Enterprise 3.0 as a
>> reverse proxy. We want to access several internal servers using the proxy
>> (
>> each server has its own different running certificate). What we want is
>> squid only to redirect the connections, so we don't have to install any
>> certificate on it. Is this possible? How can it be done?
>>
>> INTERNET->HTTPS->PROXY->HTTPS->INTERNAL SERVER (SERVER1.MYDOMAIN.COM)
>> INTERNET->HTTPS->PROXY->HTTPS->INTERNAL SERVER (SERVER2.MYDOMAIN.COM)
>
>
> For this you need Squid-3.0 (still under development), or squid-2.5 + SSL
> update patch and some tinkering..
Correction: For the above (SSL end-to-end browser to server) you can not
use Squid. You need a TCP plug or NAT allowing the client connections
directly to your servers.
Proxying of SSL in this manner is meaningless as the proxy only sees
encrypted garbage, and all the proxy knows about what was requested by the
client is the ip:port the client connected to (everything else is
encrypted, and only exchanged after the SSL certificate negotiation).
Regards
Henrik
Received on Thu May 26 2005 - 08:37:28 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:03 MDT