<p dir="ltr">Yuri,</p>
<p dir="ltr">I'd like to allow or deny access for a client before establishing of encrypted channel to proxy server using an authentication method of squid proxy.<br>
Can I setup any authentication method for https forward proxy? If yes, is it possible to use more secure hash algorithms than old md5?</p>
<p dir="ltr">Thanks, <br>
Anton</p>
<div class="gmail_quote">03 февр. 2015 г. 23:12 пользователь "Yuri Voinov" <<a href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>> написал:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA1 <br>
<br>
As forward HTTPS proxy you can use no tricks. Just preroute HTTPS
traffic to Squid and permit method CONNECT with 443 port - Squid
forward HTTPS connections by design.<br>
<br>
I do not understand, what does authentication here. This is another
problem that is not related to proxying HTTPS.<br>
<br>
04.02.2015 2:06, Anton Radkevich пишет:<br>
<span style="white-space:pre-wrap">><br>
> Thanks for quick reply,<br>
> We don't need ssl bumping, or isn't it possible to configure
by another way, without using ssl bumping?<br>
><br>
> What's about authentication using modern hash algorithms
sha256/512?<br>
><br>
> Anton<br>
><br>
> 03 февр. 2015 г. 22:58 пользователь "Yuri Voinov"
<<a href="mailto:yvoinov@gmail.com" target="_blank">yvoinov@gmail.com</a> <a href="mailto:yvoinov@gmail.com" target="_blank"><mailto:yvoinov@gmail.com></a>>
написал:<br>
><br>
><br>
>
<a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit" target="_blank">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a><br>
><br>
> 04.02.2015 1:03, Anton Radkevich пишет:<br>
><br>
> > Hi everyone,<br>
><br>
> > Could you please help me with configuration Squid3 as
forward HTTPs proxy?<br>
><br>
> > Is it possible to configure it in such way?<br>
><br>
> > What we do need is a fully encrypted HTTPS forward proxy
that can handle HTTP or HTTPS connection AND uses authentication.<br>
><br>
> > so just to be clear the connection flow will look like:<br>
><br>
> > browser <Encrypted Tunnel> Server <HTTP or
HTTPS connection> Destination<br>
><br>
> > where <Encrypted Tunnel> is probably some form of
HTTPS connection for support with the browser PAC<br>
><br>
> > Also, for client auth, can we used more "modern" hashing
algorithms like sha256/512? md5 is old and collision prone at this
point.<br>
><br>
> > Thank you in advance!<br>
><br>
><br>
><br>
> > _______________________________________________<br>
> > squid-users mailing list<br>
> > <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank"><mailto:squid-users@lists.squid-cache.org></a><br>
> > <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank"><mailto:squid-users@lists.squid-cache.org></a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBAgAGBQJU0SusAAoJENNXIZxhPexGYKsH/0eRnm1ZEuzIGmibIQiP/BxU
<br>
+4qnPAmvu/nCVnemCrOVFDV/+49j/yCqjDtbdH1p6igCmjrzv2C11pgDP00IHs+l
<br>
kOL2O/65ubae3rL3EFNIX60daXOsEGZ6kOOOZ5Ik6hHfvOeT8YhdB9ryl+JoWtXB
<br>
DUVYPCsX+dsSmZHHC3fqjml7ZYG+rUb0K3Ipeq/khJibMqLzdJ6B4Vf+xeUqz+Nx
<br>
22YgaKx2ujsXgdIRzuz/HQfl5U9moGS0/iC5JEvq1TTmV8zk+7HFqJjVaKmL2Euk
<br>
9xvqTRPjfD7s7ZlqR/qtwwDxpYX6HbiGTLfYwAuDqtD2Ixj0CjgzLEeyGj6LvWs=
<br>
=wJWL
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</div>
</blockquote></div>