Re: [SQU] SSL and transparent (or host acceleration) mode?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 07 Sep 2000 22:53:01 +0200

C. Regis Wilson wrote:

> Not transparently, you mean. It works in regular proxy mode.
> But I get the drift.

Technically Squid is not an SSL proxy. It is capable of tunneling SSL
when requested by browsers configured to use it as a "security proxy",
but not proxying in its normal meaning. Normal Squid has no knowledge
of SSL whatsoever.

Doing proxying of SSL makes limited sense as SSL is an encrypted
transport channel where the idea is that the traffic cannot be inspected
by a middleman. The only thing an SSL proxy would possibly be able to
inspect is the validity of the encrypted data stream formatting, if
there is any such formatting visible outside the encryption/decryption.

As I said, an SSL-enabled Squid can act as an HTTPS -> HTTP gateway by
acting as the server endpoint of the SSL connection and then proxying the
HTTP request received over the SSL connection to another HTTP server.
Theoretically it could even apply SSL again to the backend connection,
but in most cases this is of very limited use. However it might be
useful if the backend connection is over untrusted networks. However the
SSL client code has not yet been implemented in Squid so this cannot be
done without at least a limited amount of coding.

--
Henrik Nordstrom
Squid hacker
Received on Thu Sep 07 2000 - 15:09:12 MDT
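
Added example (not part of the original post and not Squid code): a sketch of what a tunnelling proxy can check from outside the encryption, namely the CONNECT target and the record framing of the relayed bytes. The function names `parse_connect` and `scan_records` are hypothetical, the byte strings are constructed samples, and the framing assumed is the SSLv3/TLS record header (type, version, length).

```python
import struct

# Content types of the SSLv3/TLS record layer (assumed framing; SSLv2 differs).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_BODY = 2**14 + 2048  # largest protected record body the protocol allows


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not (sep and host and port.isascii() and port.isdigit()):
        return None
    return (host, int(port)) if 0 < int(port) < 65536 else None


def scan_records(stream):
    """Check record framing of tunnelled bytes without any decryption.

    Returns (records, leftover, error). records holds (type, version, length)
    per complete record, leftover is a trailing partial record to buffer,
    error names the first framing violation or is None.
    """
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES:
            return records, b"", "offset %d: unknown content type %d" % (pos, ctype)
        if major != 3:
            return records, b"", "offset %d: bad version %d.%d" % (pos, major, minor)
        if length > MAX_BODY:
            return records, b"", "offset %d: oversized record (%d)" % (pos, length)
        if len(stream) - pos < 5 + length:
            break  # header seen, body still in flight
        records.append((CONTENT_TYPES[ctype], (major, minor), length))
        pos += 5 + length
    return records, stream[pos:], None


# Constructed sample: two complete records, then a partial third one.
SAMPLE_TLS = (b"\x16\x03\x01\x00\x04" + b"\x00" * 4 +
              b"\x17\x03\x01\x00\x08" + b"\xaa" * 8 +
              b"\x17\x03\x01\x00\x10" + b"\xbb" * 3)
# Constructed sample: plain HTTP pushed through a tunnel.
SAMPLE_PLAIN = b"GET / HTTP/1.0\r\n\r\n"
```

The record bodies are never interpreted; only the five-byte headers are read, which is why plain HTTP sent through the tunnel fails on its first byte.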