[squid-users] How to setup a secure(!) squid proxy

startrekfan startrekfan75 at freenet.de
Wed Jan 13 16:10:33 UTC 2016 

It's a debian. But an ubuntu howto will also work with debian.
Here is the broken link:

I combined this two instructions:
http://wiki.squid-cache.org/Features/SslBump
http://wiki.squid-cache.org/Features/DynamicSslCert

(The latest stable squid on ubuntu is 3.4)


Message: 5
> Date: Wed, 13 Jan 2016 23:19:21 +1300
> From: Amos Jeffries <squid3 at treenet.co.nz>
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] How to setup a secure(!) squid proxy
> Message-ID: <569624A9.202 at treenet.co.nz>
> Content-Type: text/plain; charset=utf-8
>
> On 13/01/2016 10:16 p.m., startrekfan wrote:
> > Hello
> >
> > I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not
> > very familiar with squid and https in general.
> >
> > I already perfomed the following steps:
> >
> > *1.) compile from source*
> > ./configure --with-openssl   --enable-ssl-crtd
> > make
> > make install
>
> You now have Squid pieces installed in the BSD default locations.
>
> >
> > *2.) configuration (http)*
> > I used this guide: https://help.ubuntu.com/community/Squid
> >
>
> Is this an Ubuntu system? if not the Ubuntu advice will be wrong.
>
> At the very least the advice to start installing Squid with "apt-get
> install apache2" is wrong.
>
>
>
> > *3.) configuration (https)*
> > I used this guide: http://wiki.squid-cache.org/ConfigExamp ...
> mpExplicit
>
> huh? what URL was that supposed to be?
>
> >
> > The server is now working for http and https, but is the server secure,
> too?
> >
> > Is the default config already secure or do I need to configure additional
> > security features? (e.g. things like cert validation, cert pinning, [dont
> > know what's importend], ...)
> >
>
> The default squid.conf perfoms HTTP securely. Without HTTPS. What your
> config does nobody can say without seeing what it is.
>
> Amos
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 17, Issue 43
> *******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160113/b4588936/attachment.html>

More information about the squid-users mailing list