[squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?
j m
acctforjunk at yahoo.com
Thu May 25 12:00:46 UTC 2017
Thought I'd try getting this to work in Chrome too. NOTHING I try makes it work in Chrome. Isn't running this from the Windows command line supposed to work?
chrome --proxy-server=https://mydomain:myport
When I do this, it runs Chrome, but it's still not going through the proxy despite Firefox on the same computer working just fine!
From: Amos Jeffries <squid3 at treenet.co.nz>
To: j m <acctforjunk at yahoo.com>; "squid-users at lists.squid-cache.org" <squid-users at lists.squid-cache.org>
Sent: Wednesday, May 24, 2017 5:15 PM
Subject: Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?
On 25/05/17 09:01, j m wrote:
> Some more info: I tried this on Firefox 53 and got more feedback, but
> still doesn't work. Per the recommendation on bugzilla (bug 378637),
> I put https://myaddress:myport <https://myaddress:myport/> into
> firefox and it gives me a "Your connection is not secure". So I add
> the exception, and it then displays the squid message "ERROR The
> requested URL could not be retrieved", as expected.
>
> So I add the proxy to Firefox (in Advanced, Network, Settings) as the
> HTTP Proxy....doesn't work, "The proxy server is refusing
> connections". I then put https:// in front of the address, then it's
> "Server not found". I then add it as SSL Proxy. It appears to be
> working, but really it's simply not using the proxy at all because I
> stopped squid and it made no difference.
>
The settings you enter via the Browser GUI are exclusively for setting
up plain-text proxy connections.
"SSL Proxy" in the Browser GUI means the proxy to send any SSL/TLS
traffic *through* (using CONNECT tunnel).
> The link you reference on getting Firefox to work with this refers to
> Firefox 33, so by now I'd think I could directly add the proxy to the
> normal place in Firefox options?
Unfortunately that would be far too sensible. It only took ~20 years to
get them to accept any kind of TLS/SSL security on the Browser<->proxy
connection in the first place.
I really wish that was a joke, but I've long ago given up on expecting
sanity from Browser people. For the topic in question, the argument
behind not adding a simple tick-box to that somewhat hidden GUI popup to
enable TLS/SSL to a proxy ... is unwaveringly that "changing the UI
would cause a lot of end users some confusion and pain" or words to that
affect - and yet I've lost count of how many graphical redesigns have
happened to the things those end-users are directly seeing and using on
a daily basis. But one semi-hidden tick box, oh no!
Amos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170525/19a0ca5a/attachment.html>
More information about the squid-users
mailing list