Netgate Discussion Forum

Best way to reverse proxy ssl traffic (as distinct from https traffic)

Cache/Proxy
    Andrew453
    last edited by Sep 12, 2020, 8:15 AM

    Hi. I'd be grateful for a pointer as to whether the below is possible please.

    I have an aging resource that needs to be accessed from the Internet but only supports the older (vulnerable) TLS standards.

    Yes, I could replace it, but in the interim I'd like to use a reverse proxy (e.g. squid) to proxy the traffic and repackage it into TLS 1.2 etc.

    I know squid can reverse proxy https (though I'm having trouble setting it up...) but can it also proxy pure ssl traffic?

    The resource does use https, but there are also other circumstances where it is operating using ssl (but not with https as the underlying payload).

    So in other words I want squid to receive the TLS 1.2 ssl traffic and without caring what it is, repackage it into TLS 1.1 for internal comms with the resource, and vice versa for outbound traffic.

    Is that possible please?

      Andrew453
      last edited by Sep 12, 2020, 12:17 PM

      I think I've got it to go. It's not actually Squid I needed. It's HAProxy.

      It's now transparently encrypting in TLS1.2 when I try to access the resource.

        johnpoz LAYER 8 Global Moderator
        last edited by Sep 12, 2020, 12:27 PM

        Yeah, haproxy would be a better choice for sure. And with 2.5 and the update to openssl 1.1.1 you should be able to update to tls 1.3 even.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
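
The setup this thread arrives at, written out as a raw haproxy.cfg: an added example, not any poster's actual configuration. It terminates TLS 1.2 or newer from the Internet in TCP mode, so the payload need not be HTTP, and re-encrypts to the old resource with TLS 1.1 on the internal hop only. The listen port, the backend address 192.0.2.10, the names and the file paths are placeholders.

```haproxy
# Added example; ports, addresses, names and file paths are placeholders.
global
    # Default for every client-facing listener: refuse anything older than TLS 1.2.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode tcp                 # layer 4: the payload inside TLS is not parsed as HTTP
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend legacy_tls_in
    # Terminate modern TLS here using the proxy's own certificate and key.
    bind :8443 ssl crt /usr/local/etc/haproxy/proxy.pem ssl-min-ver TLSv1.2
    default_backend legacy_resource

backend legacy_resource
    # Re-encrypt toward the old device, pinning the weak protocol to this hop.
    # ca-file holds the device's certificate (or its issuing CA) so the internal
    # connection is still authenticated instead of using "verify none".
    # Whether TLS 1.1 is still negotiable depends on the OpenSSL build and its
    # security-level policy on the proxy host.
    server legacy1 192.0.2.10:8443 ssl ssl-min-ver TLSv1.1 ssl-max-ver TLSv1.1 verify required ca-file /usr/local/etc/haproxy/legacy-ca.pem
```

Because the weak protocol now exists only between the proxy and the resource, that segment should stay on an isolated internal network, and the resource itself should no longer be reachable directly from the Internet.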

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.