[squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

Yuri Voinov yvoinov at gmail.com
Tue Feb 3 20:42:53 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
No. It will be encrypted to both directions.

04.02.2015 2:41, Anton Radkevich пишет:
>
> Hey Eliezer,
>
> Thank you for your explanation, just want to clarify.
>
> Does it mean that if I configure squid to listen https_port on port
3129 with ssl certificate, connection from a client to squid server by
port 3129 will be NOT encrypted?
>
> Anton
>
> 03 февр. 2015 г. 23:23 пользователь "Eliezer Croitoru"
<eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il>> написал:
>
>     On 03/02/2015 17:14, Anton Radkevich wrote:
>
>         so just to be clear the connection flow will look like:
>
>         browser <Encrypted Tunnel> Server <HTTP or HTTPS connection>
Destination
>
>         where <Encrypted Tunnel> is probably some form of HTTPS
connection for
>         support with the browser PAC
>
>
>     Hey Anton,
>
>     Squid do not support socks connection or any other form of encryption.
>     The known options to encrypt the connection between the client and
the server are:
>     - ssl vpn tunnel
>     - ssh vpn tunnel
>     - some other weird and special ways
>
>     Since I am not familiar with all authentication methods I cannot
answer.
>     On the other hand squid offers couple ways to authenticate and I
am sure that the choice between md5 or other sha algorithm is not
important if you are encrypting the connection between the server and
the client using a tunnel.
>     If you wish to use some higher security levels you can use client
side certificates and pin IP addresses to the certificates.
>
>     All The Bests,
>     Eliezer
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
<http://lists.squid-cache.org/listinfo/squid-users>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJU0TLMAAoJENNXIZxhPexG5oQH+wST2zGmBB/QPJCMylsN8fSt
s9cLNvlJLyOR4WI+p6qy18JJijjuFsI54Ont3x/LAFKyrmrcGUnKZhPE/3S+Vcqk
zS/V7wpA7daTmUm697Dz0B34hlrVqjoUVUsINts/JE2pRCFA09crEzsFN/oWfPrQ
e5Ks5xjwqswJYtAX33r9qwsPyYjbsxZu0nMN/bNLWYvm58sU/prvCkS9M0pDMd0m
hVNLQ7Yr5xrkfMTZuEsXV8X2iM8um0voGih8LP4GU4h7VDOai2ScvJ6yXaH+P9rF
yi+0bg0lYpmBDlLB+yXBF02ZQ9etZv8AtEFZu9FepTyFbpiecds7IfbU9MBSgNA=
=JVZ0
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150204/3a7714e7/attachment.html>


More information about the squid-users mailing list