
Re: SSL MITM with unencrypted parent proxy


 



On 5/05/2015 11:19 p.m., Chris Bennett wrote:
> Hi Amos,
> 
> Thanks for the quick reply.
> 
>> However, explicit proxies can receive TLS connections. The two proxies
>> will happily use those connections for any type of traffic, including
>> ones like https:// with special security requirements.
>>
>> * Configure the squid2 with an https_port for receiving regular proxy
>> traffic (but over TLS/SSL).
>>
>> * Configure the squid1 cache_peer parent line with "ssl" option (and any
>> supporting options that may be required or desired).
> 
> I don't think this would allow me to use wanproxy at any point on both
> sides of the configuration though, or am I misunderstood?

If you want wanproxy to be a party to the transactions you need it
configured for TLS in its equivalent of what I said for squid2.

The TLS explicit proxy connection then goes squid1->wanproxy and
wanproxy becomes responsible for ensuring TLS end-2-end security.


PS. we just got one big step closer to supporting CONNECT over next-hop
proxies with some redesign in squid-4 today. But it's still a ways off.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
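
The two configuration steps quoted in the message above, as added squid.conf fragments that are not part of the original thread. The directives are Squid 3.x option names; the hostname, port numbers and file paths are placeholders chosen for illustration.

```conf
# ---------------------------------------------------------------
# squid2 (parent): accept regular explicit-proxy requests over TLS
# ---------------------------------------------------------------
# Placeholder port and certificate/key paths.
https_port 3129 cert=/etc/squid/squid2-cert.pem key=/etc/squid/squid2-key.pem

# ---------------------------------------------------------------
# squid1 (child): talk to the parent over TLS instead of plain TCP
# ---------------------------------------------------------------
# Unencrypted form (what the thread subject describes), for comparison:
#   cache_peer squid2.example.net parent 3128 0 no-query default
#
# TLS form: "ssl" enables TLS on the peer connection, and sslcafile=
# names the CA used to verify the certificate squid2 presents.
# Leave peer verification on: sslflags=DONT_VERIFY_PEER would encrypt
# the hop without authenticating the parent.
cache_peer squid2.example.net parent 3129 0 no-query default ssl sslcafile=/etc/squid/peer-ca.pem

# Route all requests through the parent so none leave squid1 directly
# and bypass the encrypted hop.
never_direct allow all
```

Option spellings differ between Squid releases, so check the `https_port` and `cache_peer` documentation for the installed version before copying these lines.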




