<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA1 <br>
<br>
No. It will be encrypted to both directions.<br>
<br>
04.02.2015 2:41, Anton Radkevich пишет:<br>
<span style="white-space: pre;">><br>
> Hey Eliezer,<br>
><br>
> Thank you for your explanation, just want to clarify.<br>
><br>
> Does it mean that if I configure squid to listen https_port
on port 3129 with ssl certificate, connection from a client to
squid server by port 3129 will be NOT encrypted?<br>
><br>
> Anton<br>
><br>
> 03 февр. 2015 г. 23:23 пользователь "Eliezer Croitoru"
<<a class="moz-txt-link-abbreviated" href="mailto:eliezer@ngtech.co.il">eliezer@ngtech.co.il</a> <a class="moz-txt-link-rfc2396E" href="mailto:eliezer@ngtech.co.il"><mailto:eliezer@ngtech.co.il></a>>
написал:<br>
><br>
> On 03/02/2015 17:14, Anton Radkevich wrote:<br>
><br>
> so just to be clear the connection flow will look
like:<br>
><br>
> browser <Encrypted Tunnel> Server <HTTP or
HTTPS connection> Destination<br>
><br>
> where <Encrypted Tunnel> is probably some form
of HTTPS connection for<br>
> support with the browser PAC<br>
><br>
><br>
> Hey Anton,<br>
><br>
> Squid do not support socks connection or any other form
of encryption.<br>
> The known options to encrypt the connection between the
client and the server are:<br>
> - ssl vpn tunnel<br>
> - ssh vpn tunnel<br>
> - some other weird and special ways<br>
><br>
> Since I am not familiar with all authentication methods I
cannot answer.<br>
> On the other hand squid offers couple ways to
authenticate and I am sure that the choice between md5 or other
sha algorithm is not important if you are encrypting the
connection between the server and the client using a tunnel.<br>
> If you wish to use some higher security levels you can
use client side certificates and pin IP addresses to the
certificates.<br>
><br>
> All The Bests,<br>
> Eliezer<br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
<a class="moz-txt-link-rfc2396E" href="http://lists.squid-cache.org/listinfo/squid-users"><http://lists.squid-cache.org/listinfo/squid-users></a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBAgAGBQJU0TLMAAoJENNXIZxhPexG5oQH+wST2zGmBB/QPJCMylsN8fSt
<br>
s9cLNvlJLyOR4WI+p6qy18JJijjuFsI54Ont3x/LAFKyrmrcGUnKZhPE/3S+Vcqk
<br>
zS/V7wpA7daTmUm697Dz0B34hlrVqjoUVUsINts/JE2pRCFA09crEzsFN/oWfPrQ
<br>
e5Ks5xjwqswJYtAX33r9qwsPyYjbsxZu0nMN/bNLWYvm58sU/prvCkS9M0pDMd0m
<br>
hVNLQ7Yr5xrkfMTZuEsXV8X2iM8um0voGih8LP4GU4h7VDOai2ScvJ6yXaH+P9rF
<br>
yi+0bg0lYpmBDlLB+yXBF02ZQ9etZv8AtEFZu9FepTyFbpiecds7IfbU9MBSgNA=
<br>
=JVZ0
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>