<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
04.02.2015 3:30, Anton Radkevich writes:<br>
<span style="white-space: pre;">> Guys,<br>
><br>
> I just need an HTTPS proxy that can handle both http and
https connections for authorised clients only. I tried to
configure something like it's described here
<a class="moz-txt-link-freetext" href="http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html">http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html</a><br>
> Forward HTTPs proxy with digest_pw_auth for example.<br>
><br>
> But I am getting the same error clientNegotiateSSL: Error
negotiating SSL connection on FD 6: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) if I try to
open a website (http or https) with proxy enabled on browser
settings: protocol https, server proxy-squid.com
<a class="moz-txt-link-rfc2396E" href="http://proxy-squid.com"><http://proxy-squid.com></a>, port 3129, test:test
(user/password)</span><br>
Hmmmmm. This means you are trying to put HTTP requests over an HTTPS port. You
need different Squid ports for HTTP and HTTPS. I'm afraid you
cannot pass both protocols over one port.<br>
<br>
<span style="white-space: pre;">><br>
> If I understood correctly from our communication it's not
possible to configure squid like it is described above. Or ther<br>
><br>
> browser(proxy settings: protocol - https, server
-proxy-squid.com <a class="moz-txt-link-rfc2396E" href="http://proxy-squid.com"><http://proxy-squid.com></a>, port -3129,
test:test (user/password)) <------> Squid Server (https_port
3129 with certificate)<--------HTTP or HTTPS
connection-------> Destination<br>
><br>
> Description of the connection flow:<br>
> 1. a client sets the proxy settings in his browser settings:
https, server:port, user:password<br>
> 2. a client's credentials were verified by squid server,
browser asks the proxy to establish a virtual tunnel between
itself and remote server <br>
> 3. when a client enters <a class="moz-txt-link-freetext" href="https://example.com">https://example.com</a> or
<a class="moz-txt-link-freetext" href="http://example.com">http://example.com</a> then browser sends encrypted data through the
squid proxy <br>
><br>
> Anton<br>
><br>
><br>
> 2015-02-03 23:45 GMT+03:00 Eliezer Croitoru
<<a class="moz-txt-link-abbreviated" href="mailto:eliezer@ngtech.co.il">eliezer@ngtech.co.il</a> <a class="moz-txt-link-rfc2396E" href="mailto:eliezer@ngtech.co.il"><mailto:eliezer@ngtech.co.il></a>>:<br>
><br>
> Hey Anton,<br>
><br>
> If you use https_port with ssl certificate it will be for
one of two options:<br>
> - interception of ssl traffic<br>
> - reverse proxy with ssl<br>
><br>
> For both cases the connection between the server and the
client in the end will be encrypted while none of them is in a
forward proxy mode and therefore will not provide and cannot
provide what you need\want.<br>
><br>
> Eliezer<br>
><br>
><br>
> On 03/02/2015 22:41, Anton Radkevich wrote:<br>
><br>
> Hey Eliezer,<br>
><br>
> Thank you for your explanation, just want to clarify.<br>
><br>
> Does it mean that if I configure squid to listen
https_port on port 3129<br>
> with ssl certificate, connection from a client to
squid server by port 3129<br>
> will be NOT encrypted?<br>
><br>
> Anton<br>
><br>
><br>
><br>
></span><br>
<br>
<br>
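The reply above attributes the clientNegotiateSSL "http request" error to plaintext HTTP arriving on a TLS listener. The following Python example is added here for illustration and is not part of the original thread, nor Squid's or OpenSSL's code: it classifies the first bytes a client sends and reports a mismatch with the listener type. The function names and the sample byte strings are constructed for this example.<br>

```python
# Added example: tell a plaintext proxy request from a TLS ClientHello by
# looking at the first bytes received on a listener. Sample data is constructed.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

# Constructed samples: start of a TLS 1.2 ClientHello record, a plaintext
# forward-proxy request, and a plaintext CONNECT tunnel request.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_HTTP = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http', 'connect', 'incomplete' or 'unknown'."""
    # Plaintext proxy traffic starts with an ASCII method name.
    if data.startswith(b"CONNECT"):
        return "connect"
    if data.startswith(HTTP_METHODS):
        return "http"
    # A TLS record has a 5-byte header; byte 6 is the handshake message type.
    if len(data) < 6:
        return "incomplete"
    content_type, major, hs_type = data[0], data[1], data[5]
    record_len = int.from_bytes(data[3:5], "big")
    # 0x16 = handshake record, major version 3 (SSLv3/TLS), 0x01 = ClientHello
    if content_type == 0x16 and major == 0x03 and hs_type == 0x01 and record_len > 0:
        return "tls"
    return "unknown"


def diagnose(listener: str, data: bytes) -> str:
    """listener is 'http_port' (plaintext) or 'https_port' (TLS), as in squid.conf."""
    kind = classify_first_bytes(data)
    if kind in ("incomplete", "unknown"):
        return "undetermined: " + kind
    plaintext = kind in ("http", "connect")
    if listener == "https_port" and plaintext:
        return "mismatch: plaintext " + kind + " request on TLS listener"
    if listener == "http_port" and not plaintext:
        return "mismatch: TLS ClientHello on plaintext listener"
    return "ok: " + kind


if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("http", SAMPLE_HTTP), ("connect", SAMPLE_CONNECT)):
        print(name, "->", diagnose("https_port", sample))
```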
</body>
</html>