[squid-users] ssl cerficiate for squid and e2guardian
Amos Jeffries
squid3 at treenet.co.nz
Fri Nov 27 06:39:41 UTC 2015
On 27/11/2015 12:53 p.m., xxiao8 wrote:
> Both E2guardian and Squid now support SSL, how can they work together?
Depends. There are many possibilities.
> Can they share a single ssl certificate to avoid sslbump-encode-decode
> twice?
TLS requires that the HTTP messages are encrypted every time they travel
over a network connection. That includes when sending over connections
between two proxies. Even when sharing a certificate they would still
encode/decode twice.
Bumping twice is actually the *ideal* situation.
Sending to a cache_peer eliminates the ability of Squid's mimic feature
to help protect against as-yet undiscovered TLS and certificate issues
on origin servers.
Amos
More information about the squid-users
mailing list