
Re: SSLBump.. could it be used for transparent proxying?


 



----- Original Message ----- 
On 01/13/2010 10:30 AM, Dimitri Syuoul wrote: 
> Hello, 
> 
> I've been reading over this new feature. It is unclear to me if this 
> can be used for transparently proxying SSL (by this I mean not 
> configuring any proxy in the computers of the clients.. it is ok if 
> clients get cert warnings). 

Yes, SSL Bump can be used in a transparent environment. 

Due to a large number of certificate warnings, complex sites that use 
multiple secure servers on one page are barely usable without dynamic 
SSL certificate generation though. 

=== 

Can you explain this part please? We currently have a production squid 2.6-20 server in non-transparent mode with AD authentication, to proxy http and https traffic for 600 users. As part of our migration to wireless, we are investigating going to an entirely transparent proxy, using WCCP2 on a Cisco C6500 to redirect traffic. I realize we will lose authentication, but instead plan to use ACLs based on source VLAN, and rely on DHCP/radius logs to track specific requests to user auth where necessary (not often). 

Our current server sees ~120 req/s with 600 users and a 1Gbps link (although usage is typically only 30Mbps sustained). Will SSL Bump and dynamic cert generation allow us to replace our current proxy with fully transparent on squid 3.1? Does the cert generation result in a performance hit? 

Thanks. 


