[squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

Anton Radkevich anton at radkevich.info
Tue Feb 3 21:30:43 UTC 2015


Guys,

I just need an HTTPS proxy that can handle both http and https connections
for authorised clients only. I tried to configure something like what is
described here
http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html
Forward HTTPs proxy with digest_pw_auth for example.

But I am getting the same error clientNegotiateSSL: Error negotiating SSL
connection on FD 6: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http
request (1/-1) if I try to open a website (http or https) with proxy
enabled on browser settings: protocol https, server proxy-squid.com, port
3129, test:test (user/password)

If I understood correctly from our communication, it's not possible to
configure squid like it is described above. Or ther

browser(proxy settings: protocol - https, server -proxy-squid.com, port
-3129, test:test (user/password)) <------> Squid Server (https_port 3129
with certificate)<--------HTTP or HTTPS connection-------> Destination

Description of the connection flow:
1. a client sets the proxy settings in his browser: https, server:port,
user:password
2. the client's credentials are verified by the squid server, the browser asks the
proxy to establish a virtual tunnel between itself and the remote server
3. when the client enters https://example.com or http://example.com, the
browser sends encrypted data through the squid proxy

Anton


2015-02-03 23:45 GMT+03:00 Eliezer Croitoru <eliezer at ngtech.co.il>:

> Hey Anton,
>
> If you use https_port with ssl certificate it will be for one of two
> options:
> - interception of ssl traffic
> - reverse proxy with ssl
>
> For both cases the connection between the server and the client in the end
> will be encrypted, while none of them is in a forward proxy mode and
> therefore will not provide and cannot provide what you need\want.
>
> Eliezer
>
>
> On 03/02/2015 22:41, Anton Radkevich wrote:
>
>> Hey Eliezer,
>>
>> Thank you for your explanation, just want to clarify.
>>
>> Does it mean that if I configure squid to listen https_port on port 3129
>> with ssl certificate, connection from a client to squid server by port
>> 3129 will be NOT encrypted?
>>
>> Anton
>>
>
>
>
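The error quoted in this thread (`SSL23_GET_CLIENT_HELLO:http request`) is what a TLS listener reports when the first bytes it receives are a plaintext HTTP request instead of a TLS ClientHello. The Python sketch below is an added example, not part of the original messages or of Squid: it classifies the first bytes of a connection and flags the mismatch, including whether a `Proxy-Authorization` header crossed the wire unencrypted. The function names and the sample byte strings are constructed for illustration.

```python
import re

# Request methods a browser may send in cleartext to a proxy port.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")
AUTH_RE = re.compile(rb"^Proxy-Authorization:[ \t]*(\S+)", re.I | re.M)

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent after TCP connect."""
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    return "unknown"

def diagnose(data: bytes, listener_is_tls: bool) -> dict:
    """Report whether the client's first bytes match the listener type."""
    kind = classify_first_bytes(data)
    # Only a plaintext request can expose proxy credentials to observers.
    m = AUTH_RE.search(data) if kind == "plain-http" else None
    return {
        "kind": kind,
        # Mismatch: plaintext to a TLS port, or TLS to a plaintext port.
        "mismatch": kind != "unknown"
                    and (kind == "tls-client-hello") != listener_is_tls,
        "auth_scheme_in_clear": m.group(1).decode() if m else None,
    }

# Constructed sample: browser configured for a plain HTTP proxy, pointed at
# a TLS port; the credentials are the thread's test:test, Basic-encoded.
SAMPLE_PLAIN = (b"GET http://example.com/ HTTP/1.1\r\n"
                b"Host: example.com\r\n"
                b"Proxy-Authorization: Basic dGVzdDp0ZXN0\r\n\r\n")
# Constructed sample: start of a TLS handshake record carrying a ClientHello.
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("tls", SAMPLE_TLS)):
        print(name, diagnose(blob, listener_is_tls=True))
```
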