[squid-users] ssl-bump and accel

Nir Krakowski nir.kra at gmail.com
Tue Jan 5 20:03:09 UTC 2016


because the destination IP is the actual machine IP.
eg: /etc/hosts
mail.google.com 10.0.0.250

that at 10.0.0.250

as for the ssl certificate, I hope to self sign with a made up root CA.

Nir.


On Tue, Jan 5, 2016 at 9:44 PM, Antony Stone <
Antony.Stone at squid.open.source.it> wrote:

> On Tuesday 05 January 2016 at 20:30:06, Nir Krakowski wrote:
>
> > how can you combine accel proxy with ssl-bump ?
>
> Have you looked at http://www.squid-cache.org/Doc/config/http_port/ ?
>
> You put the certificate (which would normally be on the web server) on the
> Squid server (because that's the machine terminating the request, as far as
> the client is concerned).
>
> You can have the connection between Squid and the real web server be HTTP
> (if
> it's over a secure network) or HTTPS, as you wish.
>
> If you don't own the certificate (and therefore can't put it, and it's
> corresponding private key, on the Squid server), then why are you doing
> accelerator mode?
>
>
> Antony.
>
> --
> Most people have more than the average number of legs.
>
>                                                    Please reply to the
> list;
>                                                          please *don't* CC
> me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160105/381eef4f/attachment.html>


More information about the squid-users mailing list