[squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

Anton Radkevich anton at radkevich.info
Tue Feb 3 20:41:23 UTC 2015


Hey Eliezer,

Thank you for your explanation, just want to clarify.

Does it mean that if I configure squid to listen https_port on port 3129
with ssl certificate, connection from a client to squid server by port 3129
will be NOT encrypted?

Anton
03 февр. 2015 г. 23:23 пользователь "Eliezer Croitoru" <eliezer at ngtech.co.il>
написал:

> On 03/02/2015 17:14, Anton Radkevich wrote:
>
>> so just to be clear the connection flow will look like:
>>
>> browser <Encrypted Tunnel> Server <HTTP or HTTPS connection> Destination
>>
>> where <Encrypted Tunnel> is probably some form of HTTPS connection for
>> support with the browser PAC
>>
>
> Hey Anton,
>
> Squid do not support socks connection or any other form of encryption.
> The known options to encrypt the connection between the client and the
> server are:
> - ssl vpn tunnel
> - ssh vpn tunnel
> - some other weird and special ways
>
> Since I am not familiar with all authentication methods I cannot answer.
> On the other hand squid offers couple ways to authenticate and I am sure
> that the choice between md5 or other sha algorithm is not important if you
> are encrypting the connection between the server and the client using a
> tunnel.
> If you wish to use some higher security levels you can use client side
> certificates and pin IP addresses to the certificates.
>
> All The Bests,
> Eliezer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150203/6a9a1f39/attachment-0001.html>


More information about the squid-users mailing list