how to use the packaged squid for httpS ?

James Gray james at
Fri May 23 23:18:50 UTC 2008

On 24/05/2008, at 7:29 AM, Mihamina Rakotomandimby (R12y) wrote:

> Hi,
> I would like to setup an HTTPS proxy just with packages.
> I already setup a just-HTTP one successfully, but I saw that the
> available version has no ssl enabled...
> Any howto just using packages?

The SSL implementation in Squid is for when you are running a reverse  
proxy in front of a server farm and want to use SSL for those  
servers.  This is a rather unique use case and I'm guessing not what  
you're after.  If you are trying to cache SSL content for outbound  
clients on a LAN, etc, then the simple answer is, you can't.  HTTP  
wont allow it, and nor should it.  If you actually think about what is  
happening if you cache SSL content on a proxy, it becomes clear why  
you can't without breaking the end-to-end security of an SSL  
connection.  The proxy becomes a "man in the middle".

Squid can proxy SSL connections, but can't cache them.  All it really  
does with SSL connections is pass them through without modification.   
This will allow you to audit the sites users access (both where, when  
and how much data) but you wont be able to see *what* they access (the  
payloads etc).  You can't transparently proxy SSL either - same  
problem as caching SSL content.  You need to specifically configure  
the browser to use a proxy and then SSL through squid will work quite  
well; there's no special configuration needed for clients to use a  
squid proxy with SSL sites.

Hope this answers your question :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2417 bytes
Desc: not available
URL: <>

More information about the ubuntu-users mailing list