08-24-2005 09:21 PM
Hi Giles,
Currently WRT clear text traffic:
- Clients set their web browsers to point to proxyssl.its.monash.edu.au:80,
- this takes them via the CSM to the PROXYSSL farm
- After getting authenticated, they browse the web etc, all working quite well
Currently WRT encrypted traffic:
- We are using a STUNNEL client on the user machines, which opens a TCP port on 8081
- all web traffic passes through this encrypted channel, gets load balanced via the CSM, to one of the real servers in the PROXYSSL farm which listens for connections on 8081
- The STUNNEL server working on the real servers in PROXYSSL FARM decrypts the traffic on 8081 and forwards it to port 8080
- This works well
Because of the load on the real servers in the PROXYSSL farm, we're looking to move to the SSL module for the encryption & decryption of traffic.
Couple of questions:
- Having setup:
* the Server Farm (FARM-PROXY-SSL)
* the SSL Module Farm (PROXYSSLFARM)
* the clear VIP (VPROXYSSL-80)
* the decrypt VIP (PROXYSSL-DECVIP)
* the SSL VIP (PROXYSSL-SSLVIP)
* and the ssl-proxy service on the SSLM (STUNNEL)
I've noticed that when I point my browser to proxyssl.its.monash.edu.au 8080, there is activity: browser saying connecting to..., but it doesn't get anywhere!
On the CSM, doing a "sh mod csm vserv" I can see that PROXYSSL-SSLVIP gets the connections.
What is the best way to deal with HTTP Proxy servers using the SSLM to encrypt the traffic between the client and the SSLM?
Would it be worth trying to use STUNNEL and the SSLM? (I don't think this would work too well)
I've attached the SSL and CSM configs.
It would be useful if you were able to point out anything that I should change in the config or look at.
Thanks,
Sheldon
08-29-2005 10:03 PM
Got it working using the STUNNEL client. Noticed that the STUNNEL initiates the SSL handshake.
Sheldon
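An added example, not part of the original posts or of any Cisco or stunnel code: a Python check that classifies the first bytes a client sends on a new connection as a TLS/SSL ClientHello (what a client that initiates the SSL handshake, such as stunnel, sends) or as a cleartext HTTP proxy request. It can be run against the start of a packet capture taken in front of an SSL-terminating VIP. The function names and sample byte strings are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    if data.startswith(HTTP_METHODS):
        return "http-cleartext"            # proxy request sent without SSL
    if len(data) < 6:
        return "incomplete"                # too few bytes to decide yet
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    # SSLv3/TLS record: type 22 (handshake), version 3.x, and the record
    # body starts with handshake message type 1 (ClientHello).
    if (ctype == 22 and major == 3 and minor <= 4
            and 0 < rec_len <= 16384 and data[5] == 1):
        return "tls-client-hello"
    # SSLv2-compatible hello: 2-byte length with the high bit set,
    # message type 1 (CLIENT-HELLO), then the offered protocol version.
    if (data[0] & 0x80 and data[2] == 1
            and data[3:5] in (b"\x00\x02", b"\x03\x00", b"\x03\x01")):
        return "sslv2-compat-client-hello"
    return "unknown"

# Constructed samples (hypothetical host names, truncated handshakes).
SAMPLES = {
    "browser-connect": b"CONNECT www.example.com:443 HTTP/1.0\r\n\r\n",
    "browser-get": b"GET http://www.example.com/ HTTP/1.0\r\n\r\n",
    "tls-hello": bytes.fromhex("160301002f0100002b0301"),
    "sslv2-style-hello": bytes.fromhex("802e0103010015"),
    "short-read": b"GE",
    "other": b"\x00\x01\x02\x03\x04\x05\x06",
}

def classify_samples(samples=SAMPLES):
    """Return {sample name: verdict} for every sample."""
    return {name: classify_first_bytes(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:20} {verdict}")
```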