On 27/11/2015 12:53 p.m., xxiao8 wrote: > Both E2guardian and Squid now support SSL, how can they work together? Depends. There are many possibilities. > Can they share a single ssl certificate to avoid sslbump-encode-decode > twice? TLS requires that the HTTP messages are encrypted every time they travel over a network connection. That includes when sending over connections between two proxies. Even when sharing a certificate they would still encode/decode twice. Bumping twice is actually the *ideal* situation. Sending to a cache_peer eliminates the ability of Squid's mimic feature to help protect against as-yet undiscovered TLS and certificate issues on origin servers. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
