[squid-users] RE: HTTPS and Squid

From: Baird, Josh <jbaird_at_follett.com>
Date: Fri, 7 May 2010 13:44:35 -0500

Ok, perhaps I misunderstood how CONNECT works.

When Squid CONNECT's to a remote webserver via HTTPS, the tunnel is
created between the user and the remote server.. so is all data sent
over HTTPS (from the remote server to the client using the squid proxy)?



-----Original Message-----
From: Baird, Josh
Sent: Friday, May 07, 2010 1:17 PM
To: 'squid-users_at_squid-cache.org'
Subject: HTTPS and Squid

Typically, all of our proxy clients connect to our Squid servers via
HTTP (TCP/80). If they request a HTTPS site, Squid will CONNECT to the
site and tunnel the data back to the client via HTTP.

I have a scenario now where the entire stream needs to be HTTPS:

<User>----(HTTPS)----<Squid>-----(HTTPS)----<Destination Server on

How would I support this in Squid? Would I need to add a "https_port"
and install a SSL certificate on the proxy server? Would the proxy
server then decrypt data from the <User> and rencrypt it using
<Destination Server's> SSL certificate on the way out to the Internet?


Received on Fri May 07 2010 - 18:44:42 MDT

This archive was generated by hypermail 2.2.0 : Sun May 09 2010 - 12:00:04 MDT