Search squid archive

Re: ssl cerficiate for squid and e2guardian

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 27/11/2015 12:53 p.m., xxiao8 wrote:
> Both E2guardian and Squid now support SSL, how can they work together?

Depends. There are many possibilities.

> Can they share a single ssl certificate to avoid sslbump-encode-decode
> twice?

TLS requires that the HTTP messages are encrypted every time they travel
over a network connection. That includes when sending over connections
between two proxies. Even when sharing a certificate they would still
encode/decode twice.


Bumping twice is actually the *ideal* situation.

Sending to a cache_peer eliminates the ability of Squid's mimic feature
to help protect against as-yet undiscovered TLS and certificate issues
on origin servers.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux