[squid-dev] Why squid would not allow non encrypted "https://" in a request?
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Dec 23 04:08:51 UTC 2015
Answering to myself...
There was probably an issue with the network connectivity while I was
testing since it works now.
Eliezer
On 22/12/2015 21:16, Eliezer Croitoru wrote:
> I was wondering to myself about it for a while now.
> A client can fetch http:/x/y using a regular netcat using squid or in
> the case it wants to use squid for a TCP connection it will use a
> CONNECT request.
> But squid doesn't allow clients to use it as a fully trusted https
> proxy, IE to send the next request to squid:
> GET https://www.secured.example.com/ HTTP/1.1
> Host: www.secured.example.com
> Other-Headers: ...
>
> ..and possibly a body
> ##END OF Request
>
> I do have a proxy program that supports this feature and one usage case
> I do have in mind is some trusted\secured automated closed environment
> which uses the proxy to access the external world and that the proxy is
> the admin delegated ssl enforcement authority.
>
> I know that browsers do not implement this kind of a feature but I think
> it should be a feature.
>
> I am looking for pros and cons of enabling such a feature.
> pros:
> - Allows full ssl delegation without any addition implications in the
> client side ssl implementation.
>
> cons:
> - Being transmitted over a non secured channel(IE plain text)
>
> Thanks,
> Eliezer
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
More information about the squid-dev
mailing list