On Mon, 10 Oct 2005, Ibrahim Calisir wrote:
I have googled and read nearly all the messages that are related to ssl+squid+auth, however I reached a point that squid https_port is not used as proxy port (according to the message sent as an answer for "SSL Error: clientNegotiateSSL: Error negotiating SSL connection on.." on Wed, 21 Jan 2004 19:05:44 +0100 (CET)). And I have discovered the error message "SSL Error: clientNegotiateSSL: Error negotiating SSL connection on.." in my cache.log. However I want to use ssl+ldap authentication in my squid.
SSL is mainly useful when Squid is used as a reverse-proxy in front of your web servers. In such setups you install the server's SSL certificate in your Squid and let Squid handle the SSL encryption/decryption.
client requesting https://name.pointing.to.squid/ -> Squid -> your web server
Its use in Internet proxies is somewhat limited as there are no browsers supporting SSL encrypted HTTP proxies. But stunnel or another SSL wrapper client can be used to extend the client with SSL support if needed (but requires installation and configuration on each client).
stunnel running on loopback interface port XXXX with SSL tunnel to the https_port of your Squid
client configured to use stunnel as proxy.
client -> [unencrypted] -> stunnel -> [SSL encrypted] -> Squid

Regards
Henrik
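
The stunnel arrangement described in the reply above, written out as a client-side configuration. This is an added example, not part of the original message: the host name, port numbers and file paths are placeholders, and the option names are those of stunnel 5.x. With this in place the proxy credentials the browser sends travel inside the SSL tunnel instead of in clear text.

```ini
; stunnel.conf on each client machine (constructed example).
; proxy.example.org, ports 3128/3129 and all file paths are placeholders.
;
; Matching Squid side, for reference (squid.conf, paths are placeholders):
;   https_port 3129 cert=/etc/squid/proxy.pem key=/etc/squid/proxy.key

[squid-ssl]
; act as an SSL client: accept plain text locally, speak SSL to the remote end
client = yes

; listen on the loopback interface only, so other hosts on the network
; cannot relay through this tunnel; the browser uses 127.0.0.1:3128 as proxy
accept = 127.0.0.1:3128

; the https_port of the Squid proxy
connect = proxy.example.org:3129

; verify the proxy's certificate; without these the tunnel is encrypted
; but not authenticated, and any host answering on that port is accepted
CAfile = /etc/stunnel/proxy-ca.pem
verifyChain = yes
checkHost = proxy.example.org
```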