Re: Squid and SSL

Thought I'd add my 2c in.. :)

On Tue, 23 Mar 1999, Kathy Wu wrote:

[Squid FAQ: Squid tunnels SSL connections, use ssl_proxy for firewalled
squids]
>
> so does ssl_proxy directive does the SSL support? does it has any enryption
> scheme built in?

No. Squid acts as a tunnel only. It does not support SSL to itself, but
SSL connections work _via_ squid because it understands the CONNECT
method (allowing clients to establish a tunnel for an SSL session).

In a diagramatic way, it looks like this:

           S S L Connection
Client --------.-.-.-.---------> Origin
               (squid)

The client connects to squid and requests a tunnel to the origin server be
opened. Squid relays all data sent in both directions between the client
and the origin untouched. In that way, squid supports SSL connections for
clients.

But I think what you're really asking is not "does Squid support SSL" but
"does Squid support normal requests over SSL":
 
        SSL ?
Client ------ Squid ------ Origin

Where the client makes a normal request (GET, PUT etc) but does so over an
SSL connection to Squid. Squid then does whatever it has to (probably not
over SSL) to honor the request.

Squid does not support this. I understood there were no intentions to
support it either.

Hopefully this answers your questions :)

.------.-----------------------------------------------------.
| (__) | David Zanetti <dave2@earthling.net> |
| ( oo | Unix Systems Administrator, Wellington City Council |
| /\_| | Moderator, nz.politics.announce |
`------'-----------------------------------------------------'
Received on Tue Mar 23 1999 - 13:24:15 MST