[squid-users] Client to proxy encryption for Internet Explorer

Amos Jeffries squid3 at treenet.co.nz
Fri Apr 20 18:48:49 UTC 2018


On 21/04/18 06:40, Panagiotis Bariamis wrote:
>>Unfortunately the answer there is "no" in regard to IE support. AFAIK
>>the MS team working on IE also have no plans to add it. IE is formally
>>on its way towards deprecation so major new functionality like that is
>>highly unlikely to happen. Their Edge browser may be a different story.
> Well if they add in in Edge it is going to be system wide as in Internet
> Explorer. Hopefully they will add the functionality at least at Edge.
> 
> 
>>Which leaves only the SSL-Bump functionality in Squid to MITM the traffic.
> This functionality does not help much as the problem is the credentials
> sent over clear text to proxies .
> 

"credentials" does not necessarily mean passwords.

TLS also sends credentials in clear. It just happens those credentials
are called certificates. Likewise all auth schemes in HTTP (except
Basic) send security tokens of various types - not passwords.

Amos


More information about the squid-users mailing list