[squid-users] Https_port with "official" certificate
Yuri Voinov
yvoinov at gmail.com
Wed Aug 24 12:36:35 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
>>>> No one CA do not issue signing CA for subject, which is not CA itself.
>>>>
>>>> So, op wants impossible thing.
>>>
>>> Why would one need a signING certificate just to create an SSL
connection
>>> between the browser and Squid?
>>>
>>> Surely one merely needs a valid signED certificate, same as you would
>>> put on a web server to set up secure connections to it?
>>>
>>> OP is not intercepting secure traffic, nor making HTTP sites look to
>>> the browser like HTTPS ones.
>>
>> Then I do not understand what he wants op.
>
> He wants to configure his browser to connect to the proxy over an SSL
> connection, and then inside this secure connection send standard HTTP and
> HTTPS requests, just as a browser would do over an unsecured
connection to the
> proxy on Squid's standard port 3128.
Yeah, I get it. It seems to me, is absolutely crazy and insecure idea.
>
>
> It's nothing to do with whether either the client or the destination
server
> believe the web content itself to be secured with SSL/TLS.
>
> See "Encrypted browser-Squid connection" at the bottom of
> http://wiki.squid-cache.org/Features/HTTPS
>
>
> Antony.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXvZTTAAoJENNXIZxhPexG3n4H/0O+OLxWoxAIoVq4B2g33Ep0
Iz4JkLx542E4gQjCzhtO3Ikjxoh2VLwwkF/S6PZqNvmQg6dJ6sbZVSsUBtJa6h+6
dWCM6gEeH/xnO3B5krKw9t721fyMpQEmb2uKCLyDxpJHiJLGShifliFykfcZwJ+m
Vt7+bp1R4KWtYGfh/2QUyRwzReMqlEkuNIJ2/KHucuuEfMauOB/Gn42MsPQDxZKZ
I0eJmi4Eo8jzYKyC1ZLsZVPVqVSuMz152QYdhBuUb5AJo/DaWVuyEwmhP0MYmEbU
bSYzQh8FiKuTsrHKYoqqo6m7fLtbz2o5ouGP8kbq6l93E9JBsmBwSsR28Urzwyg=
=C3LP
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160824/3e00c8f5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160824/3e00c8f5/attachment.key>
More information about the squid-users
mailing list