I have downloaded the patch and will install it. After I have done this do I configure the https_port option (https_port 443 cert=/usr/local/squid/ssl/test_cert.pem key=/usr/local/squid/ssl/test_key.pem) or do I configure the http_port option (http_port 443)? Once I have installed and configured the ssl patch, will squid 'pass' the traffic on as http://my.domain:443 or as https://my.domain? Many thanks Paolo Biancolli -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: 31 March 2006 01:57 PM To: Paolo Biancolli Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Accelerator Mode question fre 2006-03-31 klockan 08:56 +0200 skrev Paolo Biancolli: > Thanks for the reply. Does this mean if I need to authenticate to a > server over ssl through a squid reverse proxy, I won't be able to as > the ssl session terminates at squid and then a new one starts up to > the backend server? You can't use a client-side certificate as user authentication to the backend server no. But in theory can it be used for identification purposes to Squid, and Squid can even provide it's own client-side certificate for authenticating Squid to the backend server. I say in theory above about client side certificate authentication to Squid as the implementation of certificate validation isn't fully finished and some work remains. > Where can I get the ssl patch from? devel.squid-cache.org. Regards Henrik
