If you are talking about accelerators or surrogates then please say so.
The rules for those are very different compared to a normal proxy.
For SSL accelerator support in Squid, see
http://squid.sourceforge.net/projects.html#ssl
-- Henrik Nordstrom Squid hacker Paul Boyer wrote: > > The way I understand the initial question was to proxy SSL WITH > BROWSER KNOWLEDGE. > this would be of great help for example in accelerator mode : > > client --- ssl ---> Squid --- http ---> server > > 1- The web server would not have to handle the encryption task: gain > of performance and possibility to use an existing web server without > good ssl support > 2- The traffic could be monitored for hostile activity by an intrusion > detection tool (lets say snort) on the hub between the squid and the > Web server > > I agree with you, that kind of tool would also be usefull for some bad > guys willing to set-up a man-in-the-middle attack. > > Anyway, Macrosoft "proxy server" can do it, since several years. > > Paul Boyer > > Henrik Nordstrom wrote: > > > > senthilvasan wrote: > > > > > > I realise that squid can only tunel SSL. Do you know any other SSL proxy > > > that works like a real proxy, (decrypts and encrypts in the proxy level)? If > > > I find such a proxy, all my problems will be solved.. > > > > As I said that you CANNOT DO THAT unless you first cracking the SSL > > encryption. The browser will reject the SSL connection if thouched by > > any host now knowing the private encryption key of the server. > > > > It is not a matter of Squid. It is a matter of how SSL works. > > > > -- > > Henrik Nordstrom > > Squid hacker > > > > -- > > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Nov 01 2000 - 14:29:30 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:13 MST