[squid-dev] Why squid would not allow non encrypted "https://" in a request?

Eliezer Croitoru eliezer at ngtech.co.il
Tue Dec 22 19:16:07 UTC 2015


I have been wondering about this for a while now.
A client can fetch http://x/y using regular netcat through squid, or, in 
the case it wants to use squid for a TCP connection, it will use a 
CONNECT request.
But squid doesn't allow clients to use it as a fully trusted https 
proxy, i.e. to send the following request to squid:
GET https://www.secured.example.com/ HTTP/1.1
Host: www.secured.example.com
Other-Headers: ...

..and possibly a body
##END OF Request

I do have a proxy program that supports this feature, and one use case 
I have in mind is some trusted/secured automated closed environment 
which uses the proxy to access the external world and in which the proxy 
is the admin-delegated SSL enforcement authority.

I know that browsers do not implement this kind of a feature but I think 
it should be a feature.

I am looking for pros and cons of enabling such a feature.
pros:
- Allows full SSL delegation without any additional implications in the 
client-side SSL implementation.

cons:
- Being transmitted over a non-secured channel (i.e. plain text)

Thanks,
Eliezer
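
The three request shapes the message above contrasts, as an added example that is not part of the original post and is not Squid's code or behaviour: a sketch of how a forward proxy could tell a CONNECT tunnel, an ordinary http:// forward, and the https:// absolute-form request apart, and flag the plain-text exposure listed under "cons". The function name, the result keys and the client_hop_encrypted parameter are hypothetical.

```python
from urllib.parse import urlsplit

def classify_request(raw: bytes, client_hop_encrypted: bool = False) -> dict:
    """Classify a proxy request by the form of its request-target.
    'tunnel'        - CONNECT host:port, proxy relays opaque TLS bytes
    'plain-forward' - absolute-form http:// URL, ordinary forwarding
    'tls-delegated' - absolute-form https:// URL, the case in the message:
                      the proxy performs TLS to the origin for the client
    """
    request_line = raw.split(b"\r\n", 1)[0].decode("iso-8859-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"kind": "malformed"}
    method, target, _version = parts

    if method == "CONNECT":
        host, sep, port = target.rpartition(":")
        if not (sep and host and port.isdigit()):
            return {"kind": "malformed"}
        return {"kind": "tunnel", "host": host, "port": int(port)}

    try:
        url = urlsplit(target)
        host, port = url.hostname, url.port
    except ValueError:  # invalid port or malformed bracketed host
        return {"kind": "malformed"}
    scheme = url.scheme.lower()
    if not host or scheme not in ("http", "https"):
        return {"kind": "unsupported"}  # e.g. origin-form "/path"
    if scheme == "http":
        return {"kind": "plain-forward", "host": host, "port": port or 80}
    return {
        "kind": "tls-delegated",
        "host": host,
        "port": port or 443,
        # URL, headers and body cross the client-to-proxy hop in clear
        # text unless that hop itself is encrypted.
        "client_hop_exposed": not client_hop_encrypted,
    }

# Constructed sample requests (hostname taken from the message above).
DELEGATED = (b"GET https://www.secured.example.com/ HTTP/1.1\r\n"
             b"Host: www.secured.example.com\r\n\r\n")
TUNNEL = (b"CONNECT www.secured.example.com:443 HTTP/1.1\r\n"
          b"Host: www.secured.example.com:443\r\n\r\n")

if __name__ == "__main__":
    for sample in (DELEGATED, TUNNEL):
        print(classify_request(sample))
```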

