[squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication
Yuri Voinov
yvoinov at gmail.com
Tue Feb 3 20:42:53 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No. It will be encrypted to both directions.
04.02.2015 2:41, Anton Radkevich пишет:
>
> Hey Eliezer,
>
> Thank you for your explanation, just want to clarify.
>
> Does it mean that if I configure squid to listen https_port on port
3129 with ssl certificate, connection from a client to squid server by
port 3129 will be NOT encrypted?
>
> Anton
>
> 03 февр. 2015 г. 23:23 пользователь "Eliezer Croitoru"
<eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il>> написал:
>
> On 03/02/2015 17:14, Anton Radkevich wrote:
>
> so just to be clear the connection flow will look like:
>
> browser <Encrypted Tunnel> Server <HTTP or HTTPS connection>
Destination
>
> where <Encrypted Tunnel> is probably some form of HTTPS
connection for
> support with the browser PAC
>
>
> Hey Anton,
>
> Squid do not support socks connection or any other form of encryption.
> The known options to encrypt the connection between the client and
the server are:
> - ssl vpn tunnel
> - ssh vpn tunnel
> - some other weird and special ways
>
> Since I am not familiar with all authentication methods I cannot
answer.
> On the other hand squid offers couple ways to authenticate and I
am sure that the choice between md5 or other sha algorithm is not
important if you are encrypting the connection between the server and
the client using a tunnel.
> If you wish to use some higher security levels you can use client
side certificates and pin IP addresses to the certificates.
>
> All The Bests,
> Eliezer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
<http://lists.squid-cache.org/listinfo/squid-users>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJU0TLMAAoJENNXIZxhPexG5oQH+wST2zGmBB/QPJCMylsN8fSt
s9cLNvlJLyOR4WI+p6qy18JJijjuFsI54Ont3x/LAFKyrmrcGUnKZhPE/3S+Vcqk
zS/V7wpA7daTmUm697Dz0B34hlrVqjoUVUsINts/JE2pRCFA09crEzsFN/oWfPrQ
e5Ks5xjwqswJYtAX33r9qwsPyYjbsxZu0nMN/bNLWYvm58sU/prvCkS9M0pDMd0m
hVNLQ7Yr5xrkfMTZuEsXV8X2iM8um0voGih8LP4GU4h7VDOai2ScvJ6yXaH+P9rF
yi+0bg0lYpmBDlLB+yXBF02ZQ9etZv8AtEFZu9FepTyFbpiecds7IfbU9MBSgNA=
=JVZ0
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150204/3a7714e7/attachment.html>
More information about the squid-users
mailing list