[squid-users] question about encrypted connection between https client and Squid
Yuri Voinov
yvoinov at gmail.com
Sun Mar 1 17:24:48 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
01.03.15 23:18, Julianne Bielski пишет:
>
> I have an https client (not a browser) that normally connects to a
> reverse proxy. When it needs to go through a forward proxy, it
> requests a CONNECT tunnel. I now have a requirement to also be able
> to encrypt the connection between my client and the forward proxy,
> and I think this is possible using Squid and the https_port
> directive (??)
Yep.
> My question is, will my https client now have to decrypt twice?
> Once for the connection with the forward proxy and once for the
> connection with the reverse proxy?
Re-encryption will performs only in case SSL-bumped connections.
But now I still can't imagine your infrastructure and how it must work.
> Also, must my https client still send a CONNECT message to Squid,
> or does it just connect to Squid's https_port at the TCP level,
> perform the SSL handshake, and then open a TCP connection to the
> reverse proxy?
Still want to take a look on your infrastructure scheme.
>
> Thanks,
>
> J. Bielski
>
>
>
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJU80tgAAoJENNXIZxhPexGVOwH/3Q9L9IfDrP02Lj+q5pvuC2B
+oyD8xTbTGkDsitgl7KUMArhQmWVjSQAgtKEia6xTk69HlODAvVvVYuKdKYWxi8p
PW49iThLwV0GTUzpu1VGIT625ENKxf1l08PoZU+MLi+O6ijClcOfsvb09qc/OPFZ
zqNvYv1h8e7d2fL1blo9NkGgYC3B42FPer/HKqgw1KskoOuwd9OrzaQRxK+ErXAK
/SvFpRJXJcDYsz0Iw3PHFLA34rs2pyAysGllkmH8n8QJzhnOhIdy/g3Hkk2sjqjz
JsVCuj0qf3VoWHx+lIN12Zet2eFF59ELpTM52IOohTlzhWcDEVEI+z0dQyGrUpg=
=j/gg
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list