Yes, you can decrypt and proxy SSL traffic in forward mode. Typically
(always?) this is done in transparent mode.
http://trafficserver.readthedocs.org/en/latest/admin-guide/configuration/transparent-forward-proxying.en.html
You need to do the same termination of the SSL connection on the ATS box
that is described for reverse proxy. Basically you are setting up a
Man-in-the-middle on the SSL stream. Your client will need to trust
your version of the certificate for this to work.
On 3/30/2016 1:29 AM, Karthik Sivaraman wrote:
Hi
Is there any existing support for SSL decryption in forward proxy mode of
trafficserver? I could not find any documentation around this. We want to scan
all traffic that emanate from our network.
The only relevant feature I found was SSL termination for reverse proxy mode
but it was not clear whether this would work for forward proxy.
Thanks
Karthik
