Search squid archive

Re: SQUID3 HTTPs forward proxy and sha256/512 authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yuri,

I'd like to allow or deny access for a client before establishing of encrypted channel to proxy server using an authentication method of squid proxy.
Can I setup any authentication method for https forward proxy? If yes, is it possible to use more secure hash algorithms than old md5?

Thanks,
Anton

03 февр. 2015 г. 23:12 пользователь "Yuri Voinov" <yvoinov@xxxxxxxxx> написал:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
As forward HTTPS proxy you can use no tricks. Just preroute HTTPS traffic to Squid and permit method CONNECT with 443 port - Squid forward HTTPS connections by design.

I do not understand, what does authentication here. This is another problem that is not related to proxying HTTPS.

04.02.2015 2:06, Anton Radkevich пишет:
>
> Thanks for quick reply,
> We don't need ssl bumping, or isn't it possible to configure by another way, without using ssl bumping?
>
> What's about authentication using modern hash algorithms sha256/512?
>
> Anton
>
> 03 февр. 2015 г. 22:58 пользователь "Yuri Voinov" <yvoinov@xxxxxxxxx <mailto:yvoinov@xxxxxxxxx>> написал:
>
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>
> 04.02.2015 1:03, Anton Radkevich пишет:
>
> > Hi everyone,
>
> > Could you please help me with configuration Squid3 as forward HTTPs proxy?
>
> > Is it possible to configure it in such way?
>
> > What we do need is a fully encrypted HTTPS forward proxy that can handle HTTP or HTTPS connection AND uses authentication.
>
> > so just to be clear the connection flow will look like:
>
> > browser <Encrypted Tunnel> Server <HTTP or HTTPS connection> Destination
>
> > where <Encrypted Tunnel> is probably some form of HTTPS connection for support with the browser PAC
>
> > Also, for client auth, can we used more "modern" hashing algorithms like sha256/512? md5 is old and collision prone at this point.
>
> > Thank you in advance!
>
>
>
> > _______________________________________________
> > squid-users mailing list
> > squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
>     http://lists.squid-cache.org/listinfo/squid-users
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJU0SusAAoJENNXIZxhPexGYKsH/0eRnm1ZEuzIGmibIQiP/BxU
+4qnPAmvu/nCVnemCrOVFDV/+49j/yCqjDtbdH1p6igCmjrzv2C11pgDP00IHs+l
kOL2O/65ubae3rL3EFNIX60daXOsEGZ6kOOOZ5Ik6hHfvOeT8YhdB9ryl+JoWtXB
DUVYPCsX+dsSmZHHC3fqjml7ZYG+rUb0K3Ipeq/khJibMqLzdJ6B4Vf+xeUqz+Nx
22YgaKx2ujsXgdIRzuz/HQfl5U9moGS0/iC5JEvq1TTmV8zk+7HFqJjVaKmL2Euk
9xvqTRPjfD7s7ZlqR/qtwwDxpYX6HbiGTLfYwAuDqtD2Ixj0CjgzLEeyGj6LvWs=
=wJWL
-----END PGP SIGNATURE-----

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux