[squid-users] HTTPS support

Alex Rousskov rousskov at measurement-factory.com
Wed May 3 17:22:42 UTC 2017


On 05/03/2017 10:57 AM, j m wrote:
> I wanted to set up a proxy on my home server for use from remote
> locations to use as a web proxy (of course) and also to run SSH over.

The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.


> This means that basic auth is undesirable due to the login being sent
> in clear text.  So, someone suggested digest auth, and I was happy.
>  But, now I'm finding that PuTTY and WinSCP do not support digest auth.
>  And consequently, I haven't found any other SSH clients that support
> digest. (sigh)

These problems will go away if you stop mixing Squid and ssh. Squid is
HTTP while PuTTY/WinSCP is SSH. You gain very little by trying to use
the same authentication mechanism for both protocols in your use case.


> So, I'm back to plan b, and that is to have a secure proxy connection so
> all browser-to-server communication is encrypted.

That is a good idea if all of your browsers support it. Popular browsers
support HTTPS-to-proxy on desktop, but I am not sure about their mobile
versions. You may have to jump through some hoops.


> So the question is, does
> anyone know if squid 3.5 on Ubuntu 16.04 supports secure connections?

Squid v3.5 supports secure connections to the proxy. See "TLS / SSL
Options" for the http_port directive (not the https_port directive!).

You can install Squid v3.5 on Ubuntu. I do not know whether the official
Ubuntu Squid package is built with the required support.


HTH,

Alex.



More information about the squid-users mailing list