[squid-users] Https_port with "official" certificate

Alex Rousskov rousskov at measurement-factory.com
Wed Aug 24 15:02:27 UTC 2016


On 08/24/2016 06:36 AM, Yuri Voinov wrote:
> 24.08.2016 18:32, Antony Stone пишет:
>> He wants to configure his browser to connect to the proxy over an SSL
>> connection, and then inside this secure connection send standard HTTP and
>> HTTPS requests

> Yeah, I get it. It seems to me, is absolutely crazy and insecure idea.

No, you do not get it. If you were getting it, you would not call it
"crazy" or "insecure". Please do not scare folks away from the
configuration that makes a lot of sense and is actually used in highly
secure environments.

If you would like to understand why this configuration makes sense,
please carefully study available documentation, resist the urge to post
one-sentence knee-jerk responses, and think about what gets encrypted
between the client and Squid (hint: There are two layers of encryption
in case of HTTPS) and between Squid and the server. If, after all that
effort, you still think that this is "crazy" or "insecure", then
consider carefully itemizing a few specific reasons behind that
[incorrect] conclusion so that others can correct your mistake.


Thank you,

Alex.

>> See "Encrypted browser-Squid connection" at the bottom of
>> http://wiki.squid-cache.org/Features/HTTPS


More information about the squid-users mailing list