On Fri 2003-03-21 at 15:39, mlister wrote:
> Henrik I really appreciate the information you have provided me.
> I'd like to clarify your last post so that I can then make my next
> decision:
>
> > Squid-2.5 can provide SSL acceleration like
> >
> > clients -- https(SSL) --> Squid -- HTTP --> Web server
>
> here would the clients use SSL? and above does
> "HTTP" signify running an httpd daemon on the squid box
> or is it just showing the HTTP proxy tunnel?
What is written on top of the arrows signifies the protocol used for the
connection.
In Squid-2.5 acceleration with SSL, clients use https(SSL) when speaking
to Squid and Squid uses plain HTTP when talking to the web server.
> > The use of https is also supported on peer proxy connections, allowing
> >
> > clients --> Squid -- https(SSL) --> Another Squid --> Web server
>
> again, would the clients be using SSL?
You can actually select any combination.
> > Note: proxying of the original client certificate is not possible due to
> > the man-in-the-middle scenario of these configurations.
>
> I'm thinking this is ok since I only need the certificate to carry through
> the firewall after which the SSL communication would need to end
> internally.
Who needs to know the client certificate? The Squid proxy or the real
web server?
> Thanks again. I understand that if I have to I can just resetup my internal
> server config to run SSL where needed and really simplify this situation. I
> initially want to see if the option to avoid this exists (will exist).
Everything you need exists.
--
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden

Received on Fri Mar 21 2003 - 08:27:20 MST
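
The first topology discussed above (clients -- https(SSL) --> Squid -- HTTP --> Web server), sketched as a Squid-2.5 accelerator configuration. This is an added example, not part of the original message; the certificate paths and the backend host name are placeholders, and it assumes a Squid build configured with --enable-ssl.

```conf
# Added example: Squid-2.5 terminating SSL in accelerator mode.
# All paths and host names below are placeholders (assumptions).

# clients -- https(SSL) --> Squid
# Squid presents this server certificate and terminates the SSL session.
https_port 443 cert=/etc/squid/ssl/site-cert.pem key=/etc/squid/ssl/site-key.pem

# Squid -- HTTP --> Web server
# Requests are forwarded as plain HTTP to a single internal backend, so this
# hop is unencrypted and should stay on a trusted internal segment.
httpd_accel_host backend.internal.example
httpd_accel_port 80
httpd_accel_single_host on

# Act only as an accelerator on this instance, not as a forward proxy.
httpd_accel_with_proxy off

# Because the SSL session ends at Squid, the backend never sees the client's
# SSL session or client certificate; if the backend itself must authenticate
# clients by certificate, SSL has to be terminated on the backend instead.
```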