[squid-users] Squid 4.4 https_port and ssl-bump : Fatal bungled line

ben benml ben.maling42 at gmail.com
Mon May 25 12:10:15 UTC 2020


Hello,

Thank you for your prompt and precise answer.

Well I'm permit myself another question, sorry. If you have an opinion
about securing the authentification without https_port :
With a FreeIPA central users directory, what could be the best way to
secure/protect the  authentication process, the login/password.
Or more generally what could be the best options to secure the
login/password with only the http_port. So no directly encrypted traffic.

I was assuming https connection could secure the authentication process ..
but if ssl-dump  is really wanted, so I need another options to secure the
login/password.

Did you see my point / what I'm trying to talk about ?

Thank you in advance.

Regards,


Le lun. 25 mai 2020 à 12:26, Amos Jeffries <squid3 at treenet.co.nz> a écrit :

> On 25/05/20 9:59 pm, ben benml wrote:
> > Hello,
> >
> > I'm contacting you for some help.
> > I need to deploy a secure proxy based on Squid.
> >
> > I try to use https_port combined with sslbump. I get an error message
> > about a bungled line.
> >
> > The reasons I want to do this :
> > - secure connection between the client browser and the proxy server, so
> > using https_port to do it. encrypted  traffic in TLS between the client
> > and the server.
>
> Fine. Simply using https_port does that.
>
> > - secure login connection. So I need to use https_port to do this.
>
> Fine. Simply using https_port does that.
>
> > - Do ssl inspection of the traffic goeing through the proxy
>
> Squid does not yet support SSL-Bump decrypt of traffic already being
> decrypted for the secure proxy.
>
>
> Please see
> <http://lists.squid-cache.org/pipermail/squid-users/2020-May/022120.html>
> if
> you want details.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200525/c001b889/attachment.html>


More information about the squid-users mailing list