----- Original Message ----- 
On 01/13/2010 10:30 AM, Dimitri Syuoul wrote: 
> Hello, 
> 
> I've been reading over this new feature. It is unclear to me if this 
> can be used for transparently proxying SSL (by this I mean not 
> configuring any proxy in the computers of the clients.. it is ok if 
> clients get cert warnings). 

Yes, SSL Bump can be used in a transparent environment. 

Due to a large number of certificate warnings, complex sites that use 
multiple secure servers on one page are barely usable without dynamic 
SSL certificate generation though. 

=== 

Can you explain this part please? We currently have a production squid 2.6-20 
server in non-transparent mode with AD authentication, to proxy http and https 
traffic for 600 users. As part of our migration to wireless, we are 
investigating going to an entirely transparent proxy, using WCCP2 on a Cisco 
C6500 to redirect traffic. I realize we will lose authentication, but instead 
plan to use ACLs based on source VLAN, and rely on DHCP/radius logs to track 
specific requests to user auth where necessary (not often). 

Our current server sees ~120 req/s with 600 users and a 1Gbps link (although 
usage is typically only 30Mbps sustained). Will SSL Bump and dynamic cert 
generation allow us to replace our current proxy with fully transparent on 
squid 3.1? Does the cert generation result in a performance hit? 

Thanks. 

