On Sun, Nov 22, 2009 at 8:57 PM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
> Sun 2009-11-22 at 14:44 -0500, Brian Mearns wrote:
>> I'm using squid as a reverse proxy for both secure and non-secure
>> connections to an origin server with several name-based vhosts. Is
>> there any way to have squid present a different certificate (to
>> clients) depending on which host the client is trying to reach,
>> without having it listen on multiple ports? For instance, I can do
>> this on my origin server using the SNI extension to TLS. Does squid
>> offer any such capabilities, or is there another good workaround for
>> this?
>
>
> Squid does not yet support SNI.
>
> Proposed solution: Add SNI support to Squid.
>
> Regards
> Henrik
>
>

Fair enough, thank you. For others' reference, my planned workaround is to just use another proxy front end that supports SNI (probably just a bare-bones installation of Apache), and just use it as a reverse proxy for squid. With SNI support, my front end can use name-based virtual hosting, and then reverse-proxy each to a different port, so I can use separate https_port directives in squid for each host (and therefore use a different cert for each).

Hopefully this doesn't add too much delay to the line, so if anyone has any suggestions, they would certainly be welcome.

-Brian

--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
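
A sketch of the workaround described in this message, added here as an example and not taken from the thread: an SNI-capable Apache front end with one name-based vhost per site, each re-encrypting to its own squid `https_port`. Hostnames, ports and file paths are placeholders. In this layout the certificate a client sees is the one Apache selects by SNI, and the squid-side certificates only protect the Apache-to-squid hop.

```conf
# ---- Apache front end: httpd.conf (mod_ssl, mod_proxy, mod_proxy_http) ----
# SNI needs Apache 2.2.12+ built against OpenSSL 0.9.8f or later.
# Constructed example: names, ports and paths below are placeholders.
Listen 443
NameVirtualHost *:443          # required on Apache 2.2, unnecessary on 2.4

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/front/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/front/www.example.com.key

    # Forward to the squid port dedicated to this host, keeping the Host header
    SSLProxyEngine on
    ProxyPreserveHost On
    ProxyPass        / https://127.0.0.1:4431/
    ProxyPassReverse / https://127.0.0.1:4431/
</VirtualHost>

<VirtualHost *:443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/front/mail.example.com.crt
    SSLCertificateKeyFile /etc/ssl/front/mail.example.com.key

    SSLProxyEngine on
    ProxyPreserveHost On
    ProxyPass        / https://127.0.0.1:4432/
    ProxyPassReverse / https://127.0.0.1:4432/
</VirtualHost>

# ---- squid.conf: one accelerator https_port per host, loopback only ----
# Binding to 127.0.0.1 keeps these ports reachable only through the front end.
https_port 127.0.0.1:4431 accel defaultsite=www.example.com cert=/etc/squid/ssl/www.example.com.crt key=/etc/squid/ssl/www.example.com.key
https_port 127.0.0.1:4432 accel defaultsite=mail.example.com cert=/etc/squid/ssl/mail.example.com.crt key=/etc/squid/ssl/mail.example.com.key
```

The first `<VirtualHost>` is the one Apache serves to clients that send no SNI, so put the site whose certificate those clients should receive first.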