On 5/05/2015 4:08 p.m., Chris Bennett wrote:
> Hi there,
>
> I'm experimenting with WAN acceleration & block caching (wanproxy.org
> for those interested). This works great for HTTP:
>
> client <-> squid1 <-> wanproxy <-> VPN <-> wanproxy <-> squid2 <-> inet
>
> With SSL, I suspect the data between squid and squid2 (in a
> child/parent configuration) will be encrypted with a new tunnel (I
> haven't tested it yet). If that is the case, is there any way to
> configure squid1 and squid2 to communicate in cleartext for the
> child/parent communication?

Squid will not permit HTTPS decrypted requests over un-encrypted channels. If it does, that's a bug we need to fix ASAP.

However, explicit proxies can receive TLS connections. The two proxies will happily use those connections for any type of traffic, including ones like https:// with special security requirements.

* Configure the squid2 with an https_port for receiving regular proxy traffic (but over TLS/SSL).

* Configure the squid1 cache_peer parent line with "ssl" option (and any supporting options that may be required or desired).

Note that for proper security these cache_peer links can be set up with self-signed certificates, doing both server and client certificate authentication, which is the proper usage TLS was designed for and cannot be MITM'd.

Amos
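
The two steps in the reply above, as an added configuration sketch that is not part of the original message or taken from the Squid project. The hostname, port and certificate paths are placeholders, and the option names are those of the Squid 3.x series that was current when this was written; check the squid.conf documentation for your release, since later versions rename several of them.

```conf
# ---------------------------------------------------------------
# squid2 (parent, internet side) -- squid.conf fragment
# ---------------------------------------------------------------
# Accept ordinary forward-proxy requests, but only inside TLS.
#   cert= / key=  : squid2's own (self-signed) server certificate
#   clientca=     : certificate(s) a connecting client must chain to;
#                   here the self-signed certificate of squid1, so
#                   only squid1 can complete the handshake
# Port 3129 and all paths are placeholders.
https_port 3129 cert=/etc/squid/tls/squid2.crt key=/etc/squid/tls/squid2.key clientca=/etc/squid/tls/squid1.crt

# ---------------------------------------------------------------
# squid1 (child, client side) -- squid.conf fragment
# ---------------------------------------------------------------
# Weak variant, shown only for contrast: a plain-TCP parent link.
# Traffic decrypted on squid1 would need to cross this hop in the
# clear, which the reply above says Squid refuses to do.
#   cache_peer squid2.example.net parent 3128 0 no-query
#
# TLS variant: "ssl" wraps the parent link in TLS.
#   sslcert= / sslkey= : squid1's client certificate, presented to squid2
#   sslcafile=         : the only certificate trusted for this peer,
#                        i.e. squid2's self-signed certificate
#   ssldomain=         : name expected in squid2's certificate
# squid2.example.net is a placeholder hostname.
cache_peer squid2.example.net parent 3129 0 no-query ssl sslcert=/etc/squid/tls/squid1.crt sslkey=/etc/squid/tls/squid1.key sslcafile=/etc/squid/tls/squid2.crt ssldomain=squid2.example.net

# Send requests through the parent instead of going direct
# (assumes squid1 has no route to the internet of its own).
never_direct allow all
```

Because each side trusts only the other's specific self-signed certificate, neither proxy relies on a public CA for this link; replacing a certificate means updating the trust file on the opposite proxy as well.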