Re: [squid-users] Reverse proxy with multiple SSL sites

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 09 Jun 2014 18:31:05 +0300

Hey Roberto,

Yes but with limitations.
Squid can use only one certificate per ip:port pair.
This leaves you with the only option of using squid with one certificate
that overlaps multiple domains in the form of "*.domain.com" which will
include all domain.com and subdomains.

There is a function which is not in use by squid that is called SNI
which allows the client to request a specific site\domain on the first
stages of the SSL negotiation which allows the service to send a
specific certificate as default and others in a case of a matched domain
from by SNI.

As far as I can tell and remember apache and nginx supports SNI.

Regards,
Eliezer

On 06/09/2014 06:15 PM, Roberto Carna wrote:
> Dear, just one question...is it possible to use a Squid reverse proxy
> with several SSL sites/certificates, all listening in TCP/443 in the
> same public IP ???
>
> Thanks a lot,
>
> Roberto
Received on Mon Jun 09 2014 - 15:33:05 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 09 2014 - 12:00:04 MDT