Re: [squid-users] Web client not capable of SSL

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Sun, 02 May 2010 22:43:15 +0200

On Sun 2010-05-02 at 13:43 +0200, D.Veenker wrote:
> My web client is not capable of SSL and definitely no client certificates.
>
> - Can Squid do all the SSL-work in a transparent way, including the
> client certificates?

Yes.

> - What does the config look like?

Depends, but based on your later response it can be done two ways:

a) Via a cache_peer for the site in question, using the ssl and
originserver options, and port 443 instead of 80. You can also specify
the client certificate here. In addition to cache_peer you also need to
specify never_direct for this site to force Squid to always use the
cache_peer.

b) By using a URL rewriter helper to rewrite the request to https://
instead of http://. But it gets a little messier to configure which client
certificate Squid should use here as there is only a global setting and
not per requested site like when using cache_peer.

> - Do I need to recompile Squid with --enable-ssl?

Yes. Your Squid needs native SSL support to be able to wrap HTTP
requests in SSL. Tunnel mode is not sufficient for this.

Regards
Henrik
Received on Sun May 02 2010 - 20:43:19 MDT
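
Option (a) from the reply above, written out as a squid.conf fragment. This is an added example, not configuration from Henrik's message: the hostname, file paths, ACL name and peer name are placeholders, and the `sslcert=`, `sslkey=` and `sslcafile=` options are the Squid 3.x `cache_peer` names.

```squidconf
# Constructed example. secure.example.com and every path below are placeholders.
# Requires a Squid built with --enable-ssl.
# Existing http_port and http_access rules for the client are assumed.

# The one site the non-SSL client needs to reach.
acl secure_site dstdomain secure.example.com

# Treat the site as an origin server reached over SSL on port 443.
#   parent 443 0 no-query : HTTP port 443, no ICP port, no ICP queries
#   originserver          : talk to the peer as a web server, not a proxy
#   ssl                   : wrap the connection to the peer in SSL
#   sslcert= / sslkey=    : client certificate and private key Squid presents
#   sslcafile=            : CA bundle used to verify the server certificate
#   name=                 : label referenced by cache_peer_access
cache_peer secure.example.com parent 443 0 no-query originserver ssl sslcert=/etc/squid/client-cert.pem sslkey=/etc/squid/client-key.pem sslcafile=/etc/squid/origin-ca.pem name=secure_origin

# Only requests for this site may use the peer.
cache_peer_access secure_origin allow secure_site
cache_peer_access secure_origin deny all

# Force Squid to always use the cache_peer for this site. Without this,
# Squid may contact the site directly over plain HTTP on port 80.
never_direct allow secure_site
```

The client-to-Squid hop is still plain HTTP, and the private key file should be readable only by the user Squid runs as.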
