[squid-users] question about encrypted connection between https client and Squid

Julianne Bielski bielsk at us.ibm.com
Sun Mar 1 17:45:48 UTC 2015


Normally my infrastructure looks like:


client  -- HTTP CONNECT (not encrypted)  ---> proxy
client ------ TCP tunnel ---> proxy --- TCP tunnel ---> reverse proxy
client --- HTTPS application payload ---------------> reverse proxy

Now I need it to look like:

client -------- HTTPS application payload ----> proxy ---- HTTPS application payload ----> reverse proxy





From:	Yuri Voinov <yvoinov at gmail.com>
To:	squid-users at lists.squid-cache.org
Date:	03/01/2015 12:26 PM
Subject:	Re: [squid-users] question about encrypted connection between
            https client and Squid
Sent by:	"squid-users" <squid-users-bounces at lists.squid-cache.org>





01.03.15 23:18, Julianne Bielski wrote:
>
> I have an https client (not a browser) that normally connects to a
> reverse proxy. When it needs to go through a forward proxy, it
> requests a CONNECT tunnel. I now have a requirement to also be able
> to encrypt the connection between my client and the forward proxy,
> and I think this is possible using Squid and the https_port
> directive (??)
Yep.

> My question is, will my https client now have to decrypt twice?
> Once for the connection with the forward proxy and once for the
> connection with the reverse proxy?

Re-encryption will be performed only in the case of SSL-bumped connections.

But now I still can't imagine your infrastructure and how it must work.

> Also, must my https client still send a CONNECT message to Squid,
> or does it just connect to Squid's https_port at the TCP level,
> perform the SSL handshake, and then open a TCP connection to the
> reverse proxy?

I still want to take a look at your infrastructure scheme.

>
> Thanks,
>
> J. Bielski
>
>
>
> _______________________________________________ squid-users mailing
> list squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
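The client-side sequence asked about above, for a forward proxy that accepts TLS on its listening port (as Squid's https_port does) and is not SSL-bumping: a TLS handshake with the proxy, CONNECT sent inside that session, then a second TLS handshake with the reverse proxy through the tunnel, so the client encrypts and decrypts twice. This is an added Python sketch, not code from the thread; the host names, ports, and all function and class names are assumptions.

```python
import re
import socket
import ssl

def build_connect(host, port):
    """CONNECT is still sent, but inside the TLS session with the proxy."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def connect_accepted(reply):
    """True only if the proxy's status line carries a 2xx code."""
    return re.match(rb"HTTP/\d\.\d 2\d\d\b", reply) is not None

class InnerTLS:
    """Layer 2 (client <-> reverse proxy) carried over layer 1 (client <-> proxy)."""
    def __init__(self, outer, server_name):
        self.outer, self.rx, self.tx = outer, ssl.MemoryBIO(), ssl.MemoryBIO()
        ctx = ssl.create_default_context()  # verifies the reverse proxy's certificate
        self.tls = ctx.wrap_bio(self.rx, self.tx, server_hostname=server_name)
        self._pump(self.tls.do_handshake)

    def _pump(self, op, *args):
        while True:
            try:
                return op(*args)
            except ssl.SSLWantReadError:
                pass  # layer 2 needs more records from the tunnel
            finally:
                self.outer.sendall(self.tx.read())  # push layer-2 records into layer 1
            data = self.outer.recv(16384)  # layer-1 plaintext is layer-2 ciphertext
            if not data:
                raise ConnectionError("tunnel closed")
            self.rx.write(data)

    def send(self, data):
        return self._pump(self.tls.write, data)

    def recv(self, n=16384):
        return self._pump(self.tls.read, n)

def open_tunnel(proxy_host, proxy_port, host, port):
    raw = socket.create_connection((proxy_host, proxy_port))
    # Layer 1: TLS to the proxy's TLS listening port (assumed to present a trusted cert).
    outer = ssl.create_default_context().wrap_socket(raw, server_hostname=proxy_host)
    outer.sendall(build_connect(host, port))
    reply = b""
    while b"\r\n\r\n" not in reply and (chunk := outer.recv(4096)):
        reply += chunk
    if b"\r\n\r\n" not in reply or not connect_accepted(reply):
        raise ConnectionError("CONNECT refused or proxy closed early")
    return InnerTLS(outer, host)  # layer 2: end-to-end TLS the proxy only relays
```

The proxy sees the CONNECT target in clear inside layer 1 but only relays the layer-2 records; the reverse proxy's certificate is validated by the client in `InnerTLS`, independently of the proxy's.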