Hi!

On Fri, May 7, 2010 at 2:14 PM, Baird, Josh <jbaird@xxxxxxxxxxx> wrote:
> Ok, perhaps I misunderstood how CONNECT works.
>
> When Squid CONNECTs to a remote webserver via HTTPS, the tunnel is
> created between the user and the remote server.. so is all data sent
> over HTTPS (from the remote server to the client using the squid proxy)?

When a client requests an https page, it does a CONNECT method, and thus: squid opens the connection to the remote ip:port and starts passing through the data to the client's connection. That's all.

If a client requests a "normal" web page (http), all communication is unencrypted, from client to proxy and from proxy to remote server, and the server downloads things, and then sends them to the client.

>
> Thanks,
>
> Josh
>
> -----Original Message-----
> From: Baird, Josh
> Sent: Friday, May 07, 2010 1:17 PM
> To: 'squid-users@xxxxxxxxxxxxxxx'
> Subject: HTTPS and Squid
>
> Typically, all of our proxy clients connect to our Squid servers via
> HTTP (TCP/80). If they request a HTTPS site, Squid will CONNECT to the
> site and tunnel the data back to the client via HTTP.
>
> I have a scenario now where the entire stream needs to be HTTPS:
>
> <User>----(HTTPS)----<Squid>-----(HTTPS)----<Destination Server on Internet>
>
> How would I support this in Squid? Would I need to add a "https_port"
> and install a SSL certificate on the proxy server? Would the proxy
> server then decrypt data from the <User> and re-encrypt it using
> <Destination Server's> SSL certificate on the way out to the Internet?
>
> Thanks,
>
> Josh
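
The CONNECT handling described in the reply above, as an added example that is not part of the original thread and is not Squid's code: a minimal tunnel handler that reads the `CONNECT host:port` line, opens the upstream connection, and then copies bytes in both directions without inspecting them. The function names, the `allowed_ports` allowlist and the returned `stats` dictionary are assumptions made for this sketch; `stats` records everything the proxy can observe about the tunnel, which is the target and the byte counts.

```python
import socket
import threading

def parse_connect(request_line):
    """Return (host, port) for 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host, int(port)

def relay(src, dst, stats, key):
    """Copy bytes one way without looking inside them; only count them."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            stats[key] += len(chunk)
        dst.shutdown(socket.SHUT_WR)  # pass the end-of-stream on to the peer
    except OSError:
        pass

def handle_connect(client, allowed_ports):
    """Serve one CONNECT; allowed_ports is a hypothetical port allowlist."""
    head = b""
    while b"\r\n\r\n" not in head:
        data = client.recv(4096)
        if not data:
            break
        head += data
    head, _, early = head.partition(b"\r\n\r\n")
    target = parse_connect(head.split(b"\r\n")[0].decode("latin-1"))
    stats = {"target": target, "up": 0, "down": 0}
    if target is None or target[1] not in allowed_ports:
        client.sendall(b"HTTP/1.1 403 Forbidden\r\n\r\n")
        client.close()
        return stats
    upstream = socket.create_connection(target)
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    upstream.sendall(early)  # bytes the client sent right after the headers
    stats["up"] += len(early)
    back = threading.Thread(target=relay, args=(upstream, client, stats, "down"))
    back.start()
    relay(client, upstream, stats, "up")
    back.join()
    upstream.close()
    client.close()
    return stats
```

After the `200` reply the handler never parses another byte, so when the client speaks TLS through the tunnel the proxy carries only ciphertext; the host and port in the request line are the only place a policy decision can be made.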