trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam W. Dace" <>
Subject Re: Forward-Caching SSL Question
Date Tue, 26 Aug 2014 03:36:35 GMT
Thank you both for the information, I feel a ton better about giving things
a try now.



On Mon, Aug 25, 2014 at 10:25 PM, Alan M. Carroll <> wrote:

> Monday, August 25, 2014, 8:13:51 PM, you wrote:
> > I'm pretty sure the connection between browser and ATS when using SSL is
> unencrypted.
> If you use https:, then it should be encrypted. If you are in transparent
> mode, you likely don't have port 443 (SSL port) intercepted so it goes
> right by ATS without ATS noticing. If you're using an explicit proxy, the
> browser will connect to ATS and use the CONNECT method to set up a tunnel,
> in which case ATS will simply forward bytes.
> ATS can be set up to terminate SSL, but in that case you would need the
> private key for the certificate used for the origin server. In general,
> that's not possible. In this case you can have the inbound to ATS traffic
> encrypted and the outbound from ATS traffic encrypted or unencrypted. If
> you haven't set up certificates for ATS, it's not terminating SSL and it is
> not decrypting anything.
> You can do unencrypted to ATS and encrypted outbound, but that requires
> using remap to convert HTTP to HTTPS connections and in that case you would
> be using http: in the browser, not https:.

Adam W. Dace <>

Phone: (815) 355-7285
Instant Messenger: AIM & Yahoo! IM - colonelforbin74 | ICQ - #39374451
Microsoft Messenger - <>

Google Profile:

View raw message