[squid-dev] Why squid would not allow non encrypted "https://" in a request?
Alex Rousskov
rousskov at measurement-factory.com
Wed Dec 23 22:30:04 UTC 2015
On 12/22/2015 09:08 PM, Eliezer Croitoru wrote:
> There was probably an issue with the network connectivity while I was
> testing since it works now.
Yes, Squid supports this. AFAIK, this feature is used in production
environments, with client SSL certificate-based authentication.
AFAIK, recent Firefox and Chrome releases support HTTPS proxies, but
your need a PAC file to configure Firefox (not sure about Chrome). I
hope Curl will support HTTPS proxies soon as well:
https://github.com/bagder/curl/pull/305
HTH,
Alex.
> On 22/12/2015 21:16, Eliezer Croitoru wrote:
>> I was wondering to myself about it for a while now.
>> A client can fetch http:/x/y using a regular netcat using squid or in
>> the case it wants to use squid for a TCP connection it will use a
>> CONNECT request.
>> But squid doesn't allow clients to use it as a fully trusted https
>> proxy, IE to send the next request to squid:
>> GET https://www.secured.example.com/ HTTP/1.1
>> Host: www.secured.example.com
>> Other-Headers: ...
>>
>> ..and possibly a body
>> ##END OF Request
>>
>> I do have a proxy program that supports this feature and one usage case
>> I do have in mind is some trusted\secured automated closed environment
>> which uses the proxy to access the external world and that the proxy is
>> the admin delegated ssl enforcement authority.
>>
>> I know that browsers do not implement this kind of a feature but I think
>> it should be a feature.
>>
>> I am looking for pros and cons of enabling such a feature.
>> pros:
>> - Allows full ssl delegation without any addition implications in the
>> client side ssl implementation.
>>
>> cons:
>> - Being transmitted over a non secured channel(IE plain text)
>>
>> Thanks,
>> Eliezer
>> _______________________________________________
>> squid-dev mailing list
>> squid-dev at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-dev
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
More information about the squid-dev
mailing list