Hi ,
I noticed a while back that someone had asked if the latest squid , 2.6
could be coded to act as a ssl client . I was wondering if this task had
been undertaken yet. If not would someone from development interested
in this contact me directly? I may be willing to undertake or support
the development of this as my company has a rather large client that
seems to want it.
The scenario is this :
multiple internet clients w/out proxy configurations --->
1 transparent squid via https
1 transparent squid ssl client---> through internet firewall ----->
mutiple internal https webservers
The idea is to use squid as an encrypting psuedo vpn server that takes
internet clients and encrypts them with out added software load on the
client or on the webserver.
This , if it ever comes to be, would give us two things: tighter
control over internet firewall rules, and tcp connection control at the
proxy level to the webservers.
If we could get Authentication , ldap auth?, at the transparent proxy
between client and proxy before forwarding requests , that would be
swell too. (though this may involve forwarding requests from one squid
to another)
Unfortunately , i am aware of the man-in-the-middle problem here. but i
was thinking that if the certificate from the internal webservers could
be cached at the squid proxy and used by the "ssl client process" after
user authentication. For securities sake, all that may need to be sent
to the client initially is squid's own certificate and a request to fill
in the certificate passphrase of the internal webserver?.. I am very new
to this so if i have it wrong please tell me how it works.
I also have some question which i will post in other emails.
If anyone is interested in this and or has pointers or advice please
contact me. Any response is welcome as i am just starting to find out
what is possible and what is not here.
Madhav Diwan
mdiwan@wagweb.com
Received on Wed May 29 2002 - 12:50:23 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:15 MST