On Thu, Jul 31, 2008 at 12:02 PM, Serge Egelman <egelman@xxxxxxxxxx> wrote:

> Hi,
>
> I'm trying to set up squid to forward SSL connections. I previously had it
> set up just as a logging proxy for conducting laboratory usability studies (we
> would configure the browsers on our lab machines to use the proxy, then I
> could check the logs afterwards to see where people were going). So I know
> it works for a minimal configuration. I'm working on a study now where I
> need to inject a self-signed certificate into an SSL session (I'm looking at
> warning messages), but can't seem to get squid configured correctly (the
> idea is that we'll have the lab machines configured to use the proxy
> again).
>
> I first tried https_port, but it didn't seem to listen on the port
> (different port than for http_port, and it would listen on that port). When
> I restarted it, it asked for the password on the key, so it was definitely
> reading the directive. Though the port remained closed.
>
> I asked about this in IRC, and someone suggested I upgrade to 3.1 and use
> sslBump. I tried this, however nothing happened. When I went to SSL
> websites it still just used CONNECT.
>
> Any ideas on how I can do this? Am I going about it the wrong way?
>
> Thanks,
>
> serge
> --
> /*
> PhD Candidate
> Carnegie Mellon University
>
> "Whoever said there's no such thing as a free lunch was never a grad
> student."
>
> All views contained in this message, either expressed or implied, are the
> views of my employer, and not my own.
> */

Hi Serge,

I think in forward proxy mode, most proxy servers do SSL tunneling and do not actually read the https requests. So I do not think this will be the case. This is because in forward proxy mode we have the proxy server at the client's end, and so we may not need an encrypted link between the proxy server and the client, as the proxy server is in the same network as the clients.

It is between the proxy server and the main servers (hosting the websites) that we have the SSL link, because the proxy server connects to the main server through the internet. What you are talking about is probably the reverse proxy mode. Correct me if I am wrong.

Thanks,
Karandeep Mali