<div dir="ltr">Guys,<div><br></div><div>I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here <a href="http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html">http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html</a></div><div>Forward HTTPs proxy with digest_pw_auth for example.</div>
<div><br></div><div>But I am getting the same error clientNegotiateSSL: Error negotiating SSL connection on FD 6: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) if I try to open a website (http or https) with proxy enabled on browser settings: protocol https, server <a href="http://proxy-squid.com">proxy-squid.com</a>, port 3129, test:test (user/password)</div><div><br></div><div>If I understood correctly from our communication its not possible to configure squid like it described above. Or ther</div><div><br></div><div><span style="color:rgb(80,0,80);font-size:12.8000001907349px">browser(proxy settings: </span>protocol - https, server -<a href="http://proxy-squid.com">proxy-squid.com</a>, port -3129, test:test (user/password)) <------><span style="color:rgb(80,0,80);font-size:12.8000001907349px"> Squid Server (https_port 3129 with certificate)<--------HTTP or HTTPS connection-------> Destination</span><br></div><div><br></div><div>Description of the connection flow:</div>
<div>1. a client set proxy settings of his browser settings: https, server:port, user:password</div><div>2. a clients credentials were verified by squid server, browser asks the proxy to establish a virtual tunnel between itself and remote server </div><div>3. when a client enter <a href="https://example.com">https://example.com</a> or <a href="http://example.com">http://example.com</a> then browser sends encrypted data through the squid proxy </div><div><br></div><div>Anton</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-02-03 23:45 GMT+03:00 Eliezer Croitoru <span dir="ltr"><<a href="mailto:eliezer@ngtech.co.il" target="_blank">eliezer@ngtech.co.il</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hey Anton,<br>
<br>
If you use https_port with ssl certificate it will be for one of two options:<br>
- interception of ssl traffic<br>
- reverse proxy with ssl<br>
<br>
For both cases the connection between the server and the client in the end will be encrypted while non of them is in a forward proxy mode and there for will not provide and cannot provide what you need\want.<span class="HOEnZb"><font color="#888888"><br>
<br>
Eliezer</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On 03/02/2015 22:41, Anton Radkevich wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hey Eliezer,<br>
<br>
Thank you for your explanation, just want to clarify.<br>
<br>
Does it mean that if I configure squid to listen https_port on port 3129<br>
with ssl certificate, connection from a client to squid server by port 3129<br>
will be NOT encrypted?<br>
<br>
Anton<br>
</blockquote>
<br>
<br>
</div></div></blockquote></div><br></div>