On 26/08/2016 1:24 a.m., Samuraiii wrote:
> On 25.8.2016 13:24, Diogenes Jesus wrote:
>> Hi there.
>>
>> The config should work - I noticed only that you're using
>> "--with-gnutls", but that shouldn't be an issue. Try it out and let us
>> know how that worked for you.
>>
>> Dio
>>
>> Sent from my
On 25.8.2016 13:24, Diogenes Jesus wrote:
> Hi there.
>
> The config should work - I noticed only that you're using
> "--with-gnutls", but that shouldn't be an issue. Try it out and let us
> know how that worked for you.
>
> Dio
>
> Sent from my iPhone
>
Hello again,
still same error...
Comlete de
Hi there.
The config should work - I noticed only that you're using "--with-gnutls", but
that shouldn't be an issue. Try it out and let us know how that worked for you.
Dio
Sent from my iPhone
> On Aug 25, 2016, at 11:17 AM, Samuraiii wrote:
>
>> On 24.8.2016 16:39, Diogenes S. Jesus wrote:
On 24.8.2016 16:39, Diogenes S. Jesus wrote:
> Oh, an a tiny little detail :)
>
> # squid -v
>
> Squid Cache: Version 4.0.13
>
> Service Name: squid
>
> configure options: '--with-openssl' '--prefix=/usr'
> '--localstatedir=/var' '--libexecdir=/lib/squid'
> '--datadir=/share/squid' '--sysconfdir=
On 08/24/2016 06:36 AM, Yuri Voinov wrote:
> 24.08.2016 18:32, Antony Stone пишет:
>> He wants to configure his browser to connect to the proxy over an SSL
>> connection, and then inside this secure connection send standard HTTP and
>> HTTPS requests
> Yeah, I get it. It seems to me, is absolutely
Oh, an a tiny little detail :)
# squid -v
Squid Cache: Version 4.0.13
Service Name: squid
configure options: '--with-openssl' '--prefix=/usr' '--localstatedir=/var'
'--libexecdir=/lib/squid' '--datadir=/share/squid'
'--sysconfdir=/etc/squid' '--with-default-user=proxy'
'--with-logdir=/var/log/
This configuration here covers the use case described by the OP:
https://gist.githubusercontent.com/splashx/758ff0c59ea291f32edafc516fdaad73/raw/8050fa054821657812961050332b38a56e7e3e68/
If everything works well, you'll notice you won't support HTTP proxy at
all, but users can reach both HTTP and
Just to rewind this conversation to the actual problem ...
On 24/08/2016 11:42 p.m., Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
>> Unfortunately it's not Squid that's the challenge - it's the browser.
>>
>> If you're using Firefox and/or Chrome, you should be okay.
>>
>> See "Encry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 19:24, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
>
Then I do not understand what he wants op.
>>
>>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
>> on
>>
>>> S
On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
> >> Then I do not understand what he wants op.
>
> http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
> on
>
> > Secure connection to squid proxy without need for anything else (on
> > client side) than configu
Ok
This is answer (not) I was looking for.
Thank you
S
On 24 August 2016 14:48:40 CEST, Yuri Voinov wrote:
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>
>
>24.08.2016 18:44, Samuraiii пишет:
>>
>>>
>>> > No SSL-bumping or whatever just forwarding.
>>> Firstly, the concept is no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:44, Samuraiii пишет:
>
>>
>> > No SSL-bumping or whatever just forwarding.
>> Firstly, the concept is not safe. Users will have a secure connection
to the proxy - as well as the next? HTTP? User misled green padlock,
believes
>
> > No SSL-bumping or whatever just forwarding.
> Firstly, the concept is not safe. Users will have a secure connection
> to the proxy - as well as the next? HTTP? User misled green padlock,
> believes all secure connection - as external traffic is not encrypted
> after the fact. Second. Y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Against this backdrop, even a bump SSL security seems a masterpiece.
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
No one CA do not issue signing CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:31, Samuraiii пишет:
>
>> look to the browser
>>
>> > like HTTPS ones.
>> Then I do not understand what he wants op.
>>
>>
>>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
>
> Secure c
On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
> 24.08.2016 18:23, Antony Stone пишет:
> > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> >> No one CA do not issue signing CA for subject, which is not CA itself.
> >>
> >> So, op wants impossible thing.
> >
> > Why wou
> look to the browser
>
> > like HTTPS ones.
> Then I do not understand what he wants op.
>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
Secure connection to squid proxy without need for anything else (on
client side) than configuring proxy in bro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:23, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
>
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>
> Why would one need a signING
On 24.8.2016 14:24, Antony Stone wrote:
> On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
>
>> On 24.8.2016 14:18, Yuri Voinov wrote:
>>> No one CA do not issue signing CA for subject, which is not CA itself.
>>>
>>> So, op wants impossible thing.
>> I have tried to drop clientca option,
On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> > No one CA do not issue signing CA for subject, which is not CA itself.
> >
> > So, op wants impossible thing.
>
> I have tried to drop clientca option, to add generate-host-certificates=off
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Predictable.
24.08.2016 18:22, Samuraiii пишет:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> >
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>>
> I have tried to drop clientca option,
On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
Why would one need a signING certificate just to create an SSL connection
between the browser and Squid?
Surely one merely nee
On 24.8.2016 14:18, Yuri Voinov wrote:
>
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
>
I have tried to drop clientca option, to add generate-host-certificates=off
but outcome is still same error...
even with just this as config:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No one CA do not issue signing CA for subject, which is not CA itself.
So, op wants impossible thing.
24.08.2016 18:15, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
>
>> Squid fails to start for me with:
>> FAT
Just one thing I noticed:
"clientca" is not the CA which issued your "cert" (sklad.duckdns.org) -
it's the CA to be used when doing client-side authentication, which I'm not
sure if you're doing.
Dio
On Wed, Aug 24, 2016 at 2:02 PM, Samuraiii
wrote:
>
> > Please give more details for "fails".
On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
> Squid fails to start for me with:
> FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:8443
>
> I have found that this is related to missing self signed certificate,
> and since I do not want to use self signed certifi
> Please give more details for "fails".
>
> Is the following your entire squid.conf (except for comments)?
>
> Have you tried getting SSL access to Squid working before introducing
> authentication?
>
> What are you trying, to test this, and what are the results?
>
>
> Regards,
>
>
> Antony.
Firs
On Wednesday 24 August 2016 at 13:42:16, Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
> >
> > See "Encrypted browser-Squid connection" at the bottom of
> > http://wiki.squid-cache.org/Features/HTTPS
>
> I have seen that, it is the cause of my subscription to this list.
> I haven't
On 24.8.2016 13:18, Antony Stone wrote:
> Unfortunately it's not Squid that's the challenge - it's the browser.
>
> If you're using Firefox and/or Chrome, you should be okay.
>
> See "Encrypted browser-Squid connection" at the bottom of
> http://wiki.squid-cache.org/Features/HTTPS
>
>
> Antony.
>
I
On Wednesday 24 August 2016 at 13:09:52, Samuraiii wrote:
> Hello,
> I am trying to setup squid as SSL protected proxy for few users without
> any intention to use ssl-bumping or any other MITM technique.
> I just want to have SSL secured connection between browser and proxy.
> Proxy will not be "
Hello,
I am trying to setup squid as SSL protected proxy for few users without
any intention to use ssl-bumping or any other MITM technique.
I just want to have SSL secured connection between browser and proxy.
Proxy will not be "transparent" and will be using PAC file for
configuration and PAM for
32 matches
Mail list logo
