Re: [squid-users] Reverse Proxy not re-encrypt SSL

From: Jakob Curdes <jc_at_info-systems.de>
Date: Fri, 14 Dec 2012 07:48:52 +0100

On 14.12.2012 01:23, David Touzeau wrote:
>
> For this cache_peer I need Squid to just forward SSL requests (CONNECT
> method) to the remote server and not re-encrypt the SSL, in order to
> let the remote web server establish the SSL tunnel.
> Is it possible to do that?
> Or, when setting accel on port 443, are all SSL web sites mandatorily
> re-encrypted?
If you do not decrypt the packets, you cannot see what is inside. Squid
is an HTTP proxy. If it does not decrypt the packet, it will never see a
CONNECT or any other HTTP command...
What you want is packet forwarding at the firewall level, in better
words, destination network address translation. But this means you are
exposing the backend HTTPS server with its operating system's network
stack directly to the outside.

HTH, Jakob Curdes
Received on Fri Dec 14 2012 - 06:49:01 MST
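
The point made in the reply above, as an added Python example that is not part of the original message: what an intermediary that does not decrypt can read from a client's first bytes. A plaintext proxy request exposes its CONNECT line, while a TLS ClientHello carries no HTTP method at all, only cleartext handshake fields such as SNI. The function names, the host www.example.test and the ClientHello bytes are constructed for illustration.

```python
import struct

def first_bytes_view(data: bytes) -> dict:
    """What a non-decrypting intermediary can read from a client's first bytes."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        # Plaintext HTTP: the request line, CONNECT included, is readable.
        return {"kind": "http", "method": parts[0].decode("latin-1"),
                "target": parts[1].decode("latin-1")}
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        # TLS handshake record: no HTTP method exists at this layer.
        return {"kind": "tls", "method": None, "sni": _sni(data[5:])}
    return {"kind": "unknown", "method": None}

def _sni(hs: bytes):
    """Return server_name from a ClientHello handshake message, or None."""
    try:
        if hs[0] != 0x01:                               # not a ClientHello
            return None
        p = 4 + 2 + 32                  # handshake header, version, random
        p += 1 + hs[p]                                  # session_id
        p += 2 + struct.unpack_from("!H", hs, p)[0]     # cipher_suites
        p += 1 + hs[p]                                  # compression_methods
        end = p + 2 + struct.unpack_from("!H", hs, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hs, p)
            p += 4
            if etype == 0:                              # server_name extension
                # layout: list_len(2) name_type(1) name_len(2) name
                nlen = struct.unpack_from("!H", hs, p + 3)[0]
                return hs[p + 5:p + 5 + nlen].decode("ascii")
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                            # truncated or malformed
    return None

def build_client_hello(host: str) -> bytes:
    """Constructed minimal ClientHello record (sample input, not a capture)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```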
