Yuri, I'd like to allow or deny access for a client before establishing of encrypted channel to proxy server using an authentication method of squid proxy. Can I setup any authentication method for https forward proxy? If yes, is it possible to use more secure hash algorithms than old md5?
Thanks, Anton 03 февр. 2015 г. 23:12 пользователь "Yuri Voinov" <yvoi...@gmail.com> написал: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > As forward HTTPS proxy you can use no tricks. Just preroute HTTPS traffic > to Squid and permit method CONNECT with 443 port - Squid forward HTTPS > connections by design. > > I do not understand, what does authentication here. This is another > problem that is not related to proxying HTTPS. > > 04.02.2015 2:06, Anton Radkevich пишет: > > > > Thanks for quick reply, > > We don't need ssl bumping, or isn't it possible to configure by another > way, without using ssl bumping? > > > > What's about authentication using modern hash algorithms sha256/512? > > > > Anton > > > > 03 февр. 2015 г. 22:58 пользователь "Yuri Voinov" <yvoi...@gmail.com > <mailto:yvoi...@gmail.com> <yvoi...@gmail.com>> написал: > > > > > > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit > > > > 04.02.2015 1:03, Anton Radkevich пишет: > > > > > Hi everyone, > > > > > Could you please help me with configuration Squid3 as forward HTTPs > proxy? > > > > > Is it possible to configure it in such way? > > > > > What we do need is a fully encrypted HTTPS forward proxy that can > handle HTTP or HTTPS connection AND uses authentication. > > > > > so just to be clear the connection flow will look like: > > > > > browser <Encrypted Tunnel> Server <HTTP or HTTPS connection> > Destination > > > > > where <Encrypted Tunnel> is probably some form of HTTPS connection for > support with the browser PAC > > > > > Also, for client auth, can we used more "modern" hashing algorithms > like sha256/512? md5 is old and collision prone at this point. > > > > > Thank you in advance! > > > > > > > > > _______________________________________________ > > > squid-users mailing list > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > <squid-users@lists.squid-cache.org> > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > <squid-users@lists.squid-cache.org> > > http://lists.squid-cache.org/listinfo/squid-users > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBAgAGBQJU0SusAAoJENNXIZxhPexGYKsH/0eRnm1ZEuzIGmibIQiP/BxU > +4qnPAmvu/nCVnemCrOVFDV/+49j/yCqjDtbdH1p6igCmjrzv2C11pgDP00IHs+l > kOL2O/65ubae3rL3EFNIX60daXOsEGZ6kOOOZ5Ik6hHfvOeT8YhdB9ryl+JoWtXB > DUVYPCsX+dsSmZHHC3fqjml7ZYG+rUb0K3Ipeq/khJibMqLzdJ6B4Vf+xeUqz+Nx > 22YgaKx2ujsXgdIRzuz/HQfl5U9moGS0/iC5JEvq1TTmV8zk+7HFqJjVaKmL2Euk > 9xvqTRPjfD7s7ZlqR/qtwwDxpYX6HbiGTLfYwAuDqtD2Ixj0CjgzLEeyGj6LvWs= > =wJWL > -----END PGP SIGNATURE----- > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
