[squid-users] Client to proxy encryption for Internet Explorer

Panagiotis Bariamis akismpa at gmail.com
Fri Apr 20 18:55:02 UTC 2018


>"credentials" does not necessarily mean passwords.

>TLS also sends credentials in clear. It just happens those credentials
>are called certificates. Likewise all auth schemes in HTTP (except
>Basic) send security tokens of various types - not passwords.

When referring to credentials I mean basic ldap authentication for squid
servers.
Those are sent in plain text (well base64) in every request. So my concern
is the client to proxy encryption so as to protect those credentials.

On Fri, Apr 20, 2018 at 9:48 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 21/04/18 06:40, Panagiotis Bariamis wrote:
> >>Unfortunately the answer there is "no" in regard to IE support. AFAIK
> >>the MS team working on IE also have no plans to add it. IE is formally
> >>on its way towards deprecation so major new functionality like that is
> >>highly unlikely to happen. Their Edge browser may be a different story.
> > Well if they add in in Edge it is going to be system wide as in Internet
> > Explorer. Hopefully they will add the functionality at least at Edge.
> >
> >
> >>Which leaves only the SSL-Bump functionality in Squid to MITM the
> traffic.
> > This functionality does not help much as the problem is the credentials
> > sent over clear text to proxies .
> >
>
> "credentials" does not necessarily mean passwords.
>
> TLS also sends credentials in clear. It just happens those credentials
> are called certificates. Likewise all auth schemes in HTTP (except
> Basic) send security tokens of various types - not passwords.
>
> Amos
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180420/0482fc9d/attachment-0001.html>


More information about the squid-users mailing list