No, the situation is still the same with support for encrypted proxy connections missing from all browsers. There is no general frameworks for out-of-band authentiation for Squid published, but it's not very hard. Plugs in to Squid via the external acl mechanism feeding Squid with the current username identified as using the requesting client station IP.. Please note that any such schemes falls down more or less completely the day you have inner proxies. Still possible, but gets much harder to implement proper.. (requires X-Forwarded-For, and complete trust in the inner proxies). On ons, 2007-11-07 at 14:41 -0800, Jay Krous wrote: > I am wondering if anything has changed regarding browser support for SSL > enabled proxy authentication. This is the last I see on the issue. > > >> 2006-12-07 > >> I'm trying to set up a squid proxy with a secure LDAP > >> authentication communication between browser (firefox) and squid . > > > Difficult, as neither MSIE or Firefox supports SSL encrypted proxy > > connections.. > > Neither digest, ntlm, or stunnel on clients are attractive options for > us to secure browser proxy auth. We use LDAP. > > Are there other generalized methods being used to handle proxy > authentication from browser to squid securely? For example, front > ending the proxy authentication with a webpage and passing a message to > squid to allow proxy to those who authenticate on the webpage. Or does > everyone roll their own? > > Thanks much in advance. > > -Jay > > > >
Attachment:
signature.asc
Description: This is a digitally signed message part
