Guys, I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html Forward HTTPs proxy with digest_pw_auth for example.
But I am getting the same error clientNegotiateSSL: Error negotiating SSL connection on FD 6: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) if I try to open a website (http or https) with proxy enabled on browser settings: protocol https, server proxy-squid.com, port 3129, test:test (user/password) If I understood correctly from our communication its not possible to configure squid like it described above. Or ther browser(proxy settings: protocol - https, server -proxy-squid.com, port -3129, test:test (user/password)) <------> Squid Server (https_port 3129 with certificate)<--------HTTP or HTTPS connection-------> Destination Description of the connection flow: 1. a client set proxy settings of his browser settings: https, server:port, user:password 2. a clients credentials were verified by squid server, browser asks the proxy to establish a virtual tunnel between itself and remote server 3. when a client enter https://example.com or http://example.com then browser sends encrypted data through the squid proxy Is it possible? Thanks, Anton 2015-02-04 6:03 GMT+03:00 Amos Jeffries <squ...@treenet.co.nz>: > On 4/02/2015 9:20 a.m., Anton Radkevich wrote: > > Yuri, > > > > I'd like to allow or deny access for a client before establishing of > > encrypted channel to proxy server using an authentication method of squid > > proxy. > > > I think you and Yuri are talking past each other on this. > > This page has what you want to know > <http://wiki.squid-cache.org/Features/HTTPS>. Yuri was talking about > section-2 connections, but I read your query as being closer to > section-4 connections. > > > > Can I setup any authentication method for https forward proxy? If yes, is > > it possible to use more secure hash algorithms than old md5? > > Squid does Basic, Digest, NTLM, Negotiate, and (with a patch) Bearer. > > Its not clear what you mean about MD5. Do you have a specific auth > helper like NCSA storing passwords using that hash? > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
