[squid-users] Cache_peer login password encryption

Amos Jeffries squid3 at treenet.co.nz
Tue Aug 28 12:06:44 UTC 2018


On 28/08/18 11:52 PM, Hariharan Sethuraman wrote:
> Thanks Amos, let me explain my understanding. Please correct if wrong.
> The parent proxy (that is configured in cache_peer) does a basic
> authentication with the squid which will be transferred in plain text
> even if communication with cache_peer is going to be https based. Correct?
> 

You mean the connection to the peer uses TLS?
In that case the encryption is taken care of by the TLS layer. The
proxy and its peer are still talking regular HTTP over that connection.

The Basic auth password still needs to be unencrypted for Squid to
generate the correct HTTP message headers for the peer.

If you need secure passwords use Kerberos (Negotiate auth) between the
peers.

Amos
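
Added example (not part of the original message and not Squid's own code): a small audit of `cache_peer` lines illustrating the two points in the reply above. A `login=user:password` value has to sit in squid.conf in clear because the Basic header is only its base64 encoding, and TLS to the peer is what keeps that header unreadable on the wire. The sample configuration, host names and credentials are constructed.

```python
import base64

# Constructed sample squid.conf lines; hosts and credentials are made up.
SAMPLE_CONF = """\
cache_peer parent1.example.net parent 3128 0 no-query login=squiduser:S3cret
cache_peer parent2.example.net parent 3129 0 no-query tls login=squiduser:S3cret
cache_peer parent3.example.net parent 3128 0 no-query login=NEGOTIATE
cache_peer parent4.example.net parent 3128 0 no-query tls login=PASSTHRU
"""

# login= modes that do not store a fixed password in squid.conf
NO_STORED_PASSWORD = {"PASS", "PASSTHRU", "NEGOTIATE"}


def basic_header(credentials):
    """Basic auth header value: base64 of 'user:password', an encoding, not encryption."""
    return "Basic " + base64.b64encode(credentials.encode()).decode()


def audit_cache_peers(conf_text):
    """Return one finding per cache_peer line that has a login= option."""
    findings = []
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        # cache_peer hostname type http-port icp-port [options]
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue
        options = tokens[5:]
        login = next((o[len("login="):] for o in options if o.startswith("login=")), None)
        if login is None:
            continue
        stored = login.split(":", 1)[0] not in NO_STORED_PASSWORD
        uses_tls = "tls" in options or "ssl" in options  # "ssl" is the older spelling
        findings.append({
            "peer": tokens[1],
            "password_in_conf": stored,
            "tls_to_peer": uses_tls,
            # For login=*:password Squid substitutes the client's user name for "*".
            "header": basic_header(login) if stored else None,
            # Without TLS the header above is readable by anyone on the path.
            "readable_on_wire": stored and not uses_tls,
        })
    return findings


if __name__ == "__main__":
    for f in audit_cache_peers(SAMPLE_CONF):
        print(f)
```

In the sample, parent2 still has `password_in_conf` set even though TLS protects the header in transit, so file permissions on squid.conf remain the control for the stored password.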

