[squid-users] HTTPS support
Alex Rousskov
rousskov at measurement-factory.com
Wed May 3 17:22:42 UTC 2017
On 05/03/2017 10:57 AM, j m wrote:
> I wanted to set up a proxy on my home server for use from remote
> locations to use as a web proxy (of course) and also to run SSH over.
The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.
> This means that basic auth is undesirable due to the login being sent
> in clear text. So, someone suggested digest auth, and I was happy.
> But, now I'm finding that PuTTY and WinSCP do not support digest auth.
> And consequently, I haven't found any other SSH clients that support
> digest. (sigh)
These problems will go away if you stop mixing Squid and ssh. Squid is
HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use
the same authentication mechanism for both protocols in your use case.
> So, I'm back to plan b, and that is to have a secure proxy connection so
> all browser-to-server communication is encrypted.
That is a good idea if all of your browsers support it. Popular browsers
support HTTPS-to-proxy on desktop, but I am not sure about their mobile
versions. You may have to jump through some hoops.
> So the question is, does
> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?
Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
Options" for the http_port directive (not the https_port directive!).
You can install Squid v3.5 on Ubuntu. I do not know whether the official
Ubuntu Squid package is built with the required support.
HTH,
Alex.
More information about the squid-users
mailing list