Hi!
On Fri, May 7, 2010 at 2:14 PM, Baird, Josh <jbaird_at_follett.com> wrote:
> Ok, perhaps I misunderstood how CONNECT works.
>
> When Squid CONNECTs to a remote webserver via HTTPS, the tunnel is
> created between the user and the remote server.. so is all data sent
> over HTTPS (from the remote server to the client using the squid proxy)?
When a client requests an https page, it does a CONNECT method, and
thus: squid opens the connection to the remote ip:port and starts
passing through the data to the client's connection. That's all.
If a client requests a "normal" web page (http), all communication is
unencrypted, from client to proxy and from proxy to remote server, and
the server downloads things, and then sends them to the client.
>
> Thanks,
>
> Josh
>
> -----Original Message-----
> From: Baird, Josh
> Sent: Friday, May 07, 2010 1:17 PM
> To: 'squid-users_at_squid-cache.org'
> Subject: HTTPS and Squid
>
> Typically, all of our proxy clients connect to our Squid servers via
> HTTP (TCP/80). If they request an HTTPS site, Squid will CONNECT to the
> site and tunnel the data back to the client via HTTP.
>
> I have a scenario now where the entire stream needs to be HTTPS:
>
> <User>----(HTTPS)----<Squid>-----(HTTPS)----<Destination Server on
> Internet>
>
> How would I support this in Squid? Would I need to add a "https_port"
> and install a SSL certificate on the proxy server? Would the proxy
> server then decrypt data from the <User> and re-encrypt it using
> <Destination Server's> SSL certificate on the way out to the Internet?
>
> Thanks,
>
> Josh
>
>
Received on Sat May 08 2010 - 04:19:49 MDT
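
The CONNECT handling described in the reply above, as an added example that is not part of the original thread and is not Squid's code: a minimal handler showing that the proxy reads only the destination host:port in cleartext and then copies bytes it never interprets. The names `relay`, `handle_connect` and `demo`, and the loopback echo server standing in for the remote HTTPS server, are constructed for illustration.

```python
import socket
import threading
from contextlib import suppress

def relay(src, dst):
    """Copy bytes one way until EOF; nothing here parses or decrypts them."""
    with suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)       # pass the EOF on to the other side

def handle_connect(client, seen):
    """Serve one CONNECT request; `seen` records all the proxy can read."""
    head = b""
    while b"\r\n\r\n" not in head:
        if not (data := client.recv(4096)):
            return
        head += data
    head, early = head.split(b"\r\n\r\n", 1)
    method, target, _version = head.split(b"\r\n")[0].decode().split(" ")
    if method != "CONNECT":
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return
    host, port = target.rsplit(":", 1)
    seen.append(target)                    # cleartext part: destination host:port
    upstream = socket.create_connection((host, int(port)))
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    upstream.sendall(early)                # bytes the client sent right after the head
    threading.Thread(target=relay, args=(upstream, client), daemon=True).start()
    relay(client, upstream)                # from here on: opaque bytes both ways

def demo(payload=b"\x16\x03\x01 constructed stand-in for TLS records"):
    """Loopback run: a constructed echo server plays the remote HTTPS server."""
    def serve(handler):
        srv = socket.create_server(("127.0.0.1", 0))
        threading.Thread(target=lambda: handler(srv.accept()[0]), daemon=True).start()
        return srv.getsockname()[1]
    seen = []
    origin_port = serve(lambda conn: relay(conn, conn))
    proxy_port = serve(lambda conn: handle_connect(conn, seen))
    with socket.create_connection(("127.0.0.1", proxy_port), timeout=5) as c:
        c.sendall(f"CONNECT 127.0.0.1:{origin_port} HTTP/1.1\r\n\r\n".encode())
        reply = c.recv(4096)
        c.sendall(payload)
        echoed = c.recv(4096)
    return seen, reply, echoed

if __name__ == "__main__":
    print(demo())
```

In this sketch the only thing available for logging or access control is the `host:port` target of the CONNECT line; the client-to-proxy leg carries that line unencrypted, which is the gap the original question about an HTTPS listener on the proxy is asking about.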