[squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication
Anton Radkevich
anton at radkevich.info
Tue Feb 3 20:20:38 UTC 2015
Yuri,
I'd like to allow or deny access for a client before establishing of
encrypted channel to proxy server using an authentication method of squid
proxy.
Can I setup any authentication method for https forward proxy? If yes, is
it possible to use more secure hash algorithms than old md5?
Thanks,
Anton
03 февр. 2015 г. 23:12 пользователь "Yuri Voinov" <yvoinov at gmail.com>
написал:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As forward HTTPS proxy you can use no tricks. Just preroute HTTPS traffic
> to Squid and permit method CONNECT with 443 port - Squid forward HTTPS
> connections by design.
>
> I do not understand, what does authentication here. This is another
> problem that is not related to proxying HTTPS.
>
> 04.02.2015 2:06, Anton Radkevich пишет:
> >
> > Thanks for quick reply,
> > We don't need ssl bumping, or isn't it possible to configure by another
> way, without using ssl bumping?
> >
> > What's about authentication using modern hash algorithms sha256/512?
> >
> > Anton
> >
> > 03 февр. 2015 г. 22:58 пользователь "Yuri Voinov" <yvoinov at gmail.com
> <mailto:yvoinov at gmail.com> <yvoinov at gmail.com>> написал:
> >
> >
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
> >
> > 04.02.2015 1:03, Anton Radkevich пишет:
> >
> > > Hi everyone,
> >
> > > Could you please help me with configuration Squid3 as forward HTTPs
> proxy?
> >
> > > Is it possible to configure it in such way?
> >
> > > What we do need is a fully encrypted HTTPS forward proxy that can
> handle HTTP or HTTPS connection AND uses authentication.
> >
> > > so just to be clear the connection flow will look like:
> >
> > > browser <Encrypted Tunnel> Server <HTTP or HTTPS connection>
> Destination
> >
> > > where <Encrypted Tunnel> is probably some form of HTTPS connection for
> support with the browser PAC
> >
> > > Also, for client auth, can we used more "modern" hashing algorithms
> like sha256/512? md5 is old and collision prone at this point.
> >
> > > Thank you in advance!
> >
> >
> >
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> <squid-users at lists.squid-cache.org>
> > > http://lists.squid-cache.org/listinfo/squid-users
> >
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> <squid-users at lists.squid-cache.org>
> > http://lists.squid-cache.org/listinfo/squid-users
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBAgAGBQJU0SusAAoJENNXIZxhPexGYKsH/0eRnm1ZEuzIGmibIQiP/BxU
> +4qnPAmvu/nCVnemCrOVFDV/+49j/yCqjDtbdH1p6igCmjrzv2C11pgDP00IHs+l
> kOL2O/65ubae3rL3EFNIX60daXOsEGZ6kOOOZ5Ik6hHfvOeT8YhdB9ryl+JoWtXB
> DUVYPCsX+dsSmZHHC3fqjml7ZYG+rUb0K3Ipeq/khJibMqLzdJ6B4Vf+xeUqz+Nx
> 22YgaKx2ujsXgdIRzuz/HQfl5U9moGS0/iC5JEvq1TTmV8zk+7HFqJjVaKmL2Euk
> 9xvqTRPjfD7s7ZlqR/qtwwDxpYX6HbiGTLfYwAuDqtD2Ixj0CjgzLEeyGj6LvWs=
> =wJWL
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150203/d6b699af/attachment.html>
More information about the squid-users
mailing list