trafficserver-users mailing list archives

From "Adam W. Dace" <colonelforbi...@gmail.com>
Subject Re: Forward-Caching SSL Question
Date Tue, 26 Aug 2014 03:36:35 GMT
Thank you both for the information; I feel a ton better about giving things
a try now.

Regards,

Adam


On Mon, Aug 25, 2014 at 10:25 PM, Alan M. Carroll <
amc@network-geographics.com> wrote:

> Monday, August 25, 2014, 8:13:51 PM, you wrote:
>
> > I'm pretty sure the connection between browser and ATS when using SSL is
> unencrypted.
>
> If you use https:, then it should be encrypted. If you are in transparent
> mode, you likely don't have port 443 (SSL port) intercepted so it goes
> right by ATS without ATS noticing. If you're using an explicit proxy, the
> browser will connect to ATS and use the CONNECT method to set up a tunnel,
> in which case ATS will simply forward bytes.
>
> ATS can be set up to terminate SSL, but in that case you would need the
> private key for the certificate used for the origin server. In general,
> that's not possible. In this case you can have the inbound to ATS traffic
> encrypted and the outbound from ATS traffic encrypted or unencrypted. If
> you haven't set up certificates for ATS, it's not terminating SSL and it is
> not decrypting anything.
>
> You can do unencrypted to ATS and encrypted outbound, but that requires
> using remap to convert HTTP to HTTPS connections and in that case you would
> be using http: in the browser, not https:.
>
>


-- 
____________________________________________________________
Adam W. Dace <colonelforbin74@gmail.com>

Phone: (815) 355-7285
Instant Messenger: AIM & Yahoo! IM - colonelforbin74 | ICQ - #39374451
Microsoft Messenger - colonelforbin74@live.com <adam@turing.com>

Google Profile: https://plus.google.com/u/0/109309036874332290399/about
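
Added example, not part of the original thread and not ATS code: a small Python check that classifies the first bytes a browser sends to a proxy port into the cases Alan describes (CONNECT tunnel, TLS opened directly to the proxy, cleartext HTTP). The function name, the `Verdict` type and the sample byte strings are constructed for illustration, and the CONNECT case assumes the proxy forwards the tunnel without intercepting it.

```python
from typing import NamedTuple, Optional

class Verdict(NamedTuple):
    mode: str
    proxy_reads_payload: Optional[bool]  # None = depends on proxy configuration
    note: str

def classify_first_bytes(data: bytes) -> Verdict:
    """Classify the opening bytes of a client connection to a proxy port."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return Verdict("tls-to-proxy", None,
                       "TLS opened directly; readable only if the proxy "
                       "terminates TLS with its own certificate and key")
    line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return Verdict("unknown", None, "neither a request line nor a TLS handshake")
    method, target, _version = parts
    if method == "CONNECT":
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            return Verdict("unknown", None, "malformed CONNECT target")
        # Only the CONNECT line is visible; what follows is forwarded as-is.
        return Verdict("connect-tunnel", False,
                       f"proxy sees only {host} port {port}, then forwards bytes")
    if target.lower().startswith("http://"):
        # Absolute-form target: an explicit-proxy request sent in the clear.
        return Verdict("cleartext-explicit", True,
                       "http: in the browser; outbound may still be remapped to HTTPS")
    if target.startswith("/"):
        # Origin-form target: intercepted or reverse-proxied plain HTTP.
        return Verdict("cleartext-origin-form", True,
                       "plain HTTP reached the proxy without naming it")
    return Verdict("unknown", None, "unrecognised request target")

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "connect": b"CONNECT www.example.com:443 HTTP/1.1\r\n"
               b"Host: www.example.com:443\r\n\r\n",
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "plain": b"GET http://www.example.com/ HTTP/1.1\r\n"
             b"Host: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_first_bytes(raw))
```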
