[squid-users] HTTPS support

j m acctforjunk at yahoo.com
Wed May 3 17:37:36 UTC 2017 

I should clarify things a bit.  I do realize SSH and squid are separate, but the problem I'm having is I cannot SSH into my home server from an organization that is apparently blocking SSH connections, for whatever reason, intentional or not.  I am, however, able to use a squid proxy that I run from my home server.  So the plan was to use SSH through the proxy.  VPNs are out of the question as this does not work.
I would only need to use my proxy from the desktop, so mobile is not required.  

>Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
>Options" for the http_port directive (not the https_port directive!).

This is helpful since I was trying to use https_port.
      From: Alex Rousskov <rousskov at measurement-factory.com>
 To: "squid-users at lists.squid-cache.org" <squid-users at lists.squid-cache.org> 
Cc: j m <acctforjunk at yahoo.com>
 Sent: Wednesday, May 3, 2017 12:22 PM
 Subject: Re: [squid-users] HTTPS support
   
On 05/03/2017 10:57 AM, j m wrote:
> I wanted to set up a proxy on my home server for use from remote
> locations to use as a web proxy (of course) and also to run SSH over.

The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.


> This means that basic auth is undesirable due to the login being sent
> in clear text.  So, someone suggested digest auth, and I was happy.
>  But, now I'm finding that PuTTY and WinSCP do not support digest auth.
>  And consequently, I haven't found any other SSH clients that support
> digest. (sigh)

These problems will go away if you stop mixing Squid and ssh. Squid is
HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use
the same authentication mechanism for both protocols in your use case.


> So, I'm back to plan b, and that is to have a secure proxy connection so
> all browser-to-server communication is encrypted.

That is a good idea if all of your browsers support it. Popular browsers
support HTTPS-to-proxy on desktop, but I am not sure about their mobile
versions. You may have to jump through some hoops.


> So the question is, does
> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?

Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
Options" for the http_port directive (not the https_port directive!).

You can install Squid v3.5 on Ubuntu. I do not know whether the official
Ubuntu Squid package is built with the required support.


HTH,

Alex.



   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170503/11fd0074/attachment.html>

More information about the squid-users mailing list