On 21/10/14 12:24, Alex Rousskov wrote: > On 10/20/2014 04:22 PM, Jason Haar wrote: > >> Both Chrome and Firefox support talking to proxies using SSL (wpad type >> "HTTPS" instead of "PROXY"). > I did not know that support was added to major browsers. Any pointers to > the relevant configuration knobs? Can it be configured without WPAD? The official Squid wiki is still mostly correct, other than Firefox started working very recently http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection So it looks like WPAD only at the moment > If you remove SslBump and intercept options from https_port, then Squid > should be able to accept and decode the SSL connection, and receive a > plain GET request inside it. Yeah that works just fine. > Please note that I am not sure Squid can currently *bump* CONNECT > requests directed at https_port inside an SSL connection. Ah - well that would explain it then :-) We run an internal PKI and all our staff have individual client certs. What I'm wanting to test is if our firefox/chrome users could run their browsers on the Internet back to our content-filtering Squid proxies via ssl-proxy-with-client-certs. Hence my testing. Probably won't work, but worth a shot ;-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
