[squid-users] Allowing User Certificate Authentication with SSL Bump
Justin Cook
justinglencook at gmail.com
Tue Apr 27 22:23:53 UTC 2021
In this case we're not looking to authenticate the user themselves with the
squid server but with the destination web server, does that change the
scope?
On Tue, Apr 27, 2021 at 10:57 AM Alex Rousskov <
rousskov at measurement-factory.com> wrote:
> On 4/27/21 1:33 PM, Justin Cook wrote:
> > We are running into a situation where we are unable to fully
> > authenticate our users to an internal tooling service that requires
> > certificate authentication as part of its login process, when going
> > through squid forward proxy with SSL bump enabled.
>
> SslBump does not support "TLS inside TLS" configurations, which is what
> you get when you combine certificate-based proxy authentication (which
> requires an https_port working in a forward proxy mode) with SslBump
> (which, for an https_port, currently requires an interception proxy mode).
>
> It is possible to add support for "TLS inside TLS", but it requires a
> serious development effort.
>
>
> https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
>
> HTH,
>
> Alex.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210427/c7a34b96/attachment.htm>
More information about the squid-users
mailing list