[squid-users] ssl-bump and accel
Nir Krakowski
nir.kra at gmail.com
Tue Jan 5 20:03:09 UTC 2016
because the destination IP is the actual machine IP.
eg: /etc/hosts
mail.google.com 10.0.0.250
that at 10.0.0.250
as for the ssl certificate, I hope to self sign with a made up root CA.
Nir.
On Tue, Jan 5, 2016 at 9:44 PM, Antony Stone <
Antony.Stone at squid.open.source.it> wrote:
> On Tuesday 05 January 2016 at 20:30:06, Nir Krakowski wrote:
>
> > how can you combine accel proxy with ssl-bump ?
>
> Have you looked at http://www.squid-cache.org/Doc/config/http_port/ ?
>
> You put the certificate (which would normally be on the web server) on the
> Squid server (because that's the machine terminating the request, as far as
> the client is concerned).
>
> You can have the connection between Squid and the real web server be HTTP
> (if
> it's over a secure network) or HTTPS, as you wish.
>
> If you don't own the certificate (and therefore can't put it, and it's
> corresponding private key, on the Squid server), then why are you doing
> accelerator mode?
>
>
> Antony.
>
> --
> Most people have more than the average number of legs.
>
> Please reply to the
> list;
> please *don't* CC
> me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160105/381eef4f/attachment.html>
More information about the squid-users
mailing list