On Sun, Nov 22, 2009 at 8:57 PM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> Sun 2009-11-22 at 14:44 -0500, Brian Mearns wrote:
>> I'm using squid as a reverse proxy for both secure and non-secure
>> connections to an origin server with several name-based vhosts. Is
>> there any way to have squid present a different certificate (to
>> clients) depending on which host the client is trying to reach,
>> without having it listen on multiple ports? For instance, I can do
>> this on my origin server using the SNI extension to TLS. Does squid
>> offer any such capabilities, or is there another good workaround for
>> this?
>
>
> Squid does not yet support SNI.
>
> Proposed solution: Add SNI support to Squid.
>
> Regards
> Henrik
>
>
Fair enough, thank you.
For others' reference, my planned workaround is to just use another
proxy front end that supports SNI (probably just a bare-bones
installation of Apache), and just use it as a reverse proxy for squid.
With SNI support, my front end can use name-based virtual hosting, and
then reverse-proxy each to a different port, so I can use separate
https_port directives in squid for each host (and therefore use a
different cert for each). Hopefully this doesn't add too much delay to
the line, so if anyone has any suggestions, they would certainly be
welcome.
-Brian
-- 
Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

Received on Mon Nov 23 2009 - 02:52:36 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 23 2009 - 12:00:04 MST