Re: [squid-users] Squid use SSL ALWAYS?

From: Bryan Richter <bryanr@dont-contact.us>
Date: Wed, 28 Jun 2006 14:20:15 -0700

Aaron Gray wrote:
> It sounds like based on what you said, I should look into stunnel. My
> basic reason behind this is that some places I go, they are still able to
> sniff the traffic and determine what it is I am doing. My Squid proxy
> server is in a co-lo so I am not concerned about the squid server to the
> website, only squid to my desktop client traffic. I want all that to
> appear as gibberish encrypted gobbledygook (that's a technical term!) :P

You could have Squid listen on port 443, using https, and have clients
connect with https, right? Squid can still use http to talk to your
servers, too. It would also be simple to have a webserver redirecting http
requests to https (Google "redirect http to https"), so clients wouldn't
have to change their browsing habits.

This is exactly what I am in the process of setting up for myself. The
relevant settings are:

    https_port x.x.x.x:443 cert=certfile key=keyfile
    ...
    httpd_accel_port 80

Note that this requires a version of Squid that supports https connections.

I mention this because, from personal experience, I would recommend against
using stunnel for web traffic. In our setup it was extremely slow, with
lots of broken images per page.

-Bryan
Received on Wed Jun 28 2006 - 15:20:23 MDT
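
An added example, not part of the original message and not Squid's own code: a small audit of a squid.conf that reports which client-facing listeners are still plaintext `http_port` and which `https_port` lines carry the `cert=`/`key=` options quoted above. The sample configuration, its addresses and its file paths are constructed placeholders, and the status labels are names chosen for this example.

```python
# Added example: audit squid.conf client-facing listeners for TLS coverage.
# SAMPLE_CONF is constructed; addresses and file paths are placeholders.

SAMPLE_CONF = """\
# client-facing listeners (constructed sample)
http_port 3128
https_port 192.0.2.10:443 cert=/etc/squid/proxy.crt key=/etc/squid/proxy.key
https_port 192.0.2.10:8443 cert=/etc/squid/combined.pem
https_port 8444
httpd_accel_port 80
"""

LISTEN_DIRECTIVES = ("http_port", "https_port")


def audit_listeners(conf_text):
    """Classify every http_port/https_port line in a squid.conf text."""
    results = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] not in LISTEN_DIRECTIVES or len(tokens) < 2:
            continue
        directive, address = tokens[0], tokens[1]
        opts = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        if directive == "http_port":
            status = "plaintext"        # client-to-proxy traffic can be sniffed
        elif not opts.get("cert"):
            status = "tls-no-cert"      # https_port needs cert= to serve TLS
        elif not opts.get("key"):
            status = "tls-key-in-cert"  # Squid then reads the key from the cert file
        else:
            status = "tls"
        results.append({"line": line_no, "directive": directive,
                        "address": address, "status": status})
    return results


def unencrypted_or_broken(conf_text):
    """Listeners that leave client traffic readable or cannot start TLS."""
    return [r for r in audit_listeners(conf_text)
            if r["status"] in ("plaintext", "tls-no-cert")]


if __name__ == "__main__":
    for r in audit_listeners(SAMPLE_CONF):
        print(f'line {r["line"]}: {r["directive"]} {r["address"]} -> {r["status"]}')
```

Any listener returned by `unencrypted_or_broken` is one a client could still reach without encryption, or one that will not come up as TLS at all.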
