[squid-users] question about encrypted connection between https client and Squid

Yuri Voinov yvoinov at gmail.com
Sun Mar 1 17:24:48 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


01.03.15 23:18, Julianne Bielski пишет:
> 
> I have an https client (not a browser) that normally connects to a
> reverse proxy. When it needs to go through a forward proxy, it
> requests a CONNECT tunnel. I now have a requirement to also be able
> to encrypt the connection between my client and the forward proxy,
> and I think this is possible using Squid and the https_port
> directive (??)
Yep.

> My question is, will my https client now have to decrypt twice?
> Once for the connection with the forward proxy and once for the
> connection with the reverse proxy?

Re-encryption will performs only in case SSL-bumped connections.

But now I still can't imagine your infrastructure and how it must work.

> Also, must my https client still send a CONNECT message to Squid,
> or does it just connect to Squid's https_port at the TCP level,
> perform the SSL handshake, and then open a TCP connection to the
> reverse proxy?

Still want to take a look on your infrastructure scheme.

> 
> Thanks,
> 
> J. Bielski
> 
> 
> 
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJU80tgAAoJENNXIZxhPexGVOwH/3Q9L9IfDrP02Lj+q5pvuC2B
+oyD8xTbTGkDsitgl7KUMArhQmWVjSQAgtKEia6xTk69HlODAvVvVYuKdKYWxi8p
PW49iThLwV0GTUzpu1VGIT625ENKxf1l08PoZU+MLi+O6ijClcOfsvb09qc/OPFZ
zqNvYv1h8e7d2fL1blo9NkGgYC3B42FPer/HKqgw1KskoOuwd9OrzaQRxK+ErXAK
/SvFpRJXJcDYsz0Iw3PHFLA34rs2pyAysGllkmH8n8QJzhnOhIdy/g3Hkk2sjqjz
JsVCuj0qf3VoWHx+lIN12Zet2eFF59ELpTM52IOohTlzhWcDEVEI+z0dQyGrUpg=
=j/gg
-----END PGP SIGNATURE-----


More information about the squid-users mailing list