I can confirm that it works fine on Windows as well ... we are using stunnel as described on Windows PCs tunneling to a Windows server, with Squid running on the Windows server, proxying the traffic. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Wednesday, December 15, 2010 4:44 PM To: squid-users@xxxxxxxxxxxxxxx Subject: EXTERNAL: Re: https to http translation On Wed, 15 Dec 2010 16:54:36 +0330, purgat <purgatio@xxxxxxxxx> wrote: > Just for the sake of helping other people... > Thanks to everybody's help specially Amos my problem is somewhat solved > though a lot of fine-tuning is yet to be done. One thing I want to > stress on is ease and simplicity. I heard of several options here, > interestingly, most of which made sense theoretically though I didn't > have the technical experience to handle the complexity. > The solution that worked for me as was suggested by Amos, was "stunnel" > with squid. This would be suitable for someone with relatively low > knowledge of networking who is relatively comfortable doing things on > command-line. > say you set up your browser settings to use 127.0.0.1 with any unused > port of your choice. Set up stunnel on client and set it up in client > mode to forward the mentioned port to some port on your server. Only 4 > lines of conf file are to be added/modified 1 for client mode and 3 for > accepting and forwarding the port to server (I commented out most of the > rest of the sample file for the time being). Then you set up stunnel on > server side with exactly reverse settings. Exit port this time is what > your squid (or other proxy server of your choice) is listening to. > Extremely simple and effective. I haven't tried it on Windows yet but I > believe it must be fine. > My thanks to everybody for their help and support > > P.S. Amos I didn't find the Firefox bug that you mentioned. If you have > an address it would be great because I may be able to contribute one way > or another. Wonderful thank you. https://bugzilla.mozilla.org/show_bug.cgi?id=378637 This reminds me we do not have a stunnel setup in the config examples, are you happy to write up a simple how-to config page for http://wiki.squid-cache.org/ConfigExamples ? Amos > > > > On Tue, 2010-12-14 at 01:05 +0000, Amos Jeffries wrote: >> On Mon, 13 Dec 2010 22:06:01 +0330, purgat wrote: >> > Hey >> > ok let me see if I got this right (excuse the noob!): >> > Let's say you set up squid to listen to ssl over 8081 and set up proxy >> > settings of your browser to use 8081 for both http and https. Now if >> > you >> > type in an address with https in your browser you will send your data >> > to >> > squid over ssl (probably ssl of the target website) but if you use >> > http, >> > browser will not understand that the proxy on the other side is looking >> > for an ssl connection. Did I get this right? >> >> Yes. >> >> > If that is the case, one other option would be setting up a proxy >> > daemon >> > on the local machine and try to get it connected to the main proxy >> > server over an encrypted connection. Can THAT be done with squid? >> >> Yes, people have had success with stunnel and others. I don't do it >> myself >> so can't help with the config side of those. >> >> Amos >>
