Am 14.12.2012 01:23, schrieb David Touzeau:
For this cache_peer i need to squid just forward SSL requests (CONNECT
method) to the remote server and not re-encrypt the SSL in order to
let the remote web server establishing the SSL tunnel.
Is it possible to do that ?
Or when settings accel 443 port, all SSL web sites are mandatory
re-encrypted ?
If you do not decrypt the packets, you cannot see what is inside. Squid
is a HTTP proxy. If it does not decrypt the packet, it will never see a
CONNECT or any other HTTP command...
What you want ist packet forwarding at the firewall level, in better
words, destination network address translation. But this means you are
exposing the backend HTTPS server with its operating system's network
stack directly to the outside.
HTH, Jakob Curdes
