Mon 2007-02-05 at 19:09 -0500, Steve Kapp wrote:

> I am interested in b), having squid setup/teardown SSL connections to the
> appropriate server so that the LAN traffic remains unencrypted. In the case
> of b), will squid simply encapsulate the data and ignore the contents after
> the SSL connection to the server has been established, or does it rely upon
> the contents of the packet (i.e. is it well-formed HTTP)?

In 'b' the client has to send the https:// request using HTTP to the proxy, just as it does for http://.

    GET https://www.example.com/path/to/file HTTP/1.1
    [headers]

It does not work for clients using the CONNECT method asking for an SSL tunnel over the proxy.

'b' and 'c' are pretty much the same thing. 'b' is clients knowing they should not run the SSL themselves and delegating this to the proxy. 'c' is emulating this by rewriting http:// URLs into https:// at the proxy.

> Any sample configurations available for b)?

None needed at the proxy for 'b'. It's "just" about degrading the client to not have any SSL capabilities and instead rely on the proxy to perform the SSL encryption.

As I said earlier it's also possible to extend Squid with the capability to decrypt CONNECT SSL proxy requests allowing inspection of https traffic. Contact me privately if you want a quote on implementing this feature.

Regards
Henrik
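The two request forms discussed in this message, as an added example that is not part of the original post or of Squid: it builds the plain-HTTP `GET https://...` request a client sends in case 'b' and classifies request lines so that delegated requests can be told apart from CONNECT tunnels. The function names, labels and sample lines are constructed for illustration.

```python
# Added illustration (not from the original message); sample lines are constructed.
from urllib.parse import urlsplit


def build_delegated_request(url, headers=None):
    """Build the case 'b' request: plain HTTP to the proxy, https:// in the target."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.netloc:
        raise ValueError("case 'b' needs an absolute https:// URL")
    lines = [f"GET {url} HTTP/1.1", f"Host: {parts.netloc}"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def classify_proxy_request(request_line):
    """Classify the first line of a request as received by the proxy."""
    fields = request_line.strip().split()
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        return "malformed"
    method, target, _version = fields
    if method.upper() == "CONNECT":
        # Client runs SSL itself through a tunnel; case 'b' does not apply.
        return "connect-tunnel"
    scheme = urlsplit(target).scheme.lower()
    if scheme == "https":
        # Case 'b': the client-to-proxy hop is plain HTTP, the proxy does the SSL.
        return "proxy-originated-ssl"
    if scheme == "http":
        return "plain-http"
    return "other"


def summarize(request_lines):
    """Count how many requests fall into each class."""
    counts = {}
    for line in request_lines:
        kind = classify_proxy_request(line)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


SAMPLE_LINES = [  # constructed request lines, not captured traffic
    "GET https://www.example.com/path/to/file HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
    "GET http://www.example.com/ HTTP/1.1",
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    print(build_delegated_request(SAMPLE_LINES[0].split()[1]).decode("ascii"))
    print(summarize(SAMPLE_LINES))
```

Because the client-to-proxy hop in case 'b' is plain HTTP, everything in a `proxy-originated-ssl` request, headers included, crosses the LAN unencrypted.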