<p dir="ltr">Hey Eliezer, </p>
<p dir="ltr">Thank you for your explanation, just want to clarify.</p>
<p dir="ltr">Does it mean that if I configure squid to listen https_port on port 3129 with ssl certificate, connection from a client to squid server by port 3129 will be NOT encrypted?</p>
<p dir="ltr">Anton</p>
<div class="gmail_quote">03 февр. 2015 г. 23:23 пользователь "Eliezer Croitoru" <<a href="mailto:eliezer@ngtech.co.il">eliezer@ngtech.co.il</a>> написал:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 03/02/2015 17:14, Anton Radkevich wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
so just to be clear the connection flow will look like:<br>
<br>
browser <Encrypted Tunnel> Server <HTTP or HTTPS connection> Destination<br>
<br>
where <Encrypted Tunnel> is probably some form of HTTPS connection for<br>
support with the browser PAC<br>
</blockquote>
<br>
Hey Anton,<br>
<br>
Squid do not support socks connection or any other form of encryption.<br>
The known options to encrypt the connection between the client and the server are:<br>
- ssl vpn tunnel<br>
- ssh vpn tunnel<br>
- some other weird and special ways<br>
<br>
Since I am not familiar with all authentication methods I cannot answer.<br>
On the other hand squid offers couple ways to authenticate and I am sure that the choice between md5 or other sha algorithm is not important if you are encrypting the connection between the server and the client using a tunnel.<br>
If you wish to use some higher security levels you can use client side certificates and pin IP addresses to the certificates.<br>
<br>
All The Bests,<br>
Eliezer<br>
<br>
______________________________<u></u>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.<u></u>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/<u></u>listinfo/squid-users</a><br>
</blockquote></div>