Fyi, as a workaround till the browsers do cleanly support SSL to a proxy, we used stunnel to accomplish exactly this, securing the traffic between the client and Squid. In our case, we have Squid running on a Windows server, and the SSL support wasn't stable for us, so for that reason (and other reasons I won't go into), we run stunnel on both ends -- but likely it would work just as well to simply point the workstation's stunnel directly at a Squid SSL port. Working like a charm. Glad to provide more details if it's of interest. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Tuesday, September 21, 2010 10:34 PM To: squid-users@xxxxxxxxxxxxxxx Subject: EXTERNAL: Re: SSL between squid and client possible? On Tue, 21 Sep 2010 16:39:53 -0700, "David Parks" <davidparks21@xxxxxxxxx> wrote: > Can SSL be enabled between client and squid? > Example: An HTTP request to http://yahoo.com goes over SSL from client to > squid proxy, then standard HTTP from squid to yahoo and again secured from > squid to client on the way back? > It seems like this is only possible with reverse proxy setups, not typical > proxy forward traffic. > Just wanted to verify my understanding here. > Thanks, > David Squid will do this happily. https_port is the same as http_port but requires SSL/TLS on the link. The problem is that most web browsers won't do the SSL/TLS when talking to an HTTP proxy. Please assist with bugging the browser devs about this. https://bugzilla.mozilla.org/show_bug.cgi?id=378637. There are implications that they might do HTTP-over-SSL to SSL proxies, but certainly will send non-HTTP there and break those protocols instead. Amos
