[squid-users] Encrypt CONNECT Header

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue May 5 15:08:59 UTC 2020


On 05.05.20 10:24, Felipe Polanco wrote:
>I may be mistaken but I believe you don't need to use ssl-bump with
>explicit https proxy.
>
>In your browser settings, use an HTTPS proxy instead of HTTP.

and squid needs https_port to accept https traffic.

>On Tue, May 5, 2020 at 10:19 AM Ryan Le <ryanlele264 at gmail.com> wrote:
>> Is there plans to support explicit forward proxy over HTTPS to the proxy
>> with
>> ssl-bump? We would like to use https_port ssl-bump without using the
>> intercept or tproxy option. Clients will use PAC with a HTTPS directive
>> rather than a PROXY directive. The goal is to also encrypted the CONNECT
>> header which exposes the domain in plain text while it traverses to the
>> proxy.

people will still be able to see SNI SSL header.

however, ssl-bump is different feature.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.


More information about the squid-users mailing list