Re: SQUID3 HTTPs forward proxy and sha256/512 authentication

Yuri Voinov <yvoinov@xxxxxxxxx> · Wed, 04 Feb 2015 02:42:53 +0600



    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA1 

     
    No. It will be encrypted to both directions.

    
    04.02.2015 2:41, Anton Radkevich пишет:

    >

      > Hey Eliezer,

      >

      > Thank you for your explanation, just want to clarify.

      >

      > Does it mean that if I configure squid to listen https_port
      on port 3129 with ssl certificate, connection from a client to
      squid server by port 3129 will be NOT encrypted?

      >

      > Anton

      >

      > 03 февр. 2015 г. 23:23 пользователь "Eliezer Croitoru"
      <eliezer@xxxxxxxxxxxx <mailto:eliezer@xxxxxxxxxxxx>>
      написал:

      >

      >     On 03/02/2015 17:14, Anton Radkevich wrote:

      >

      >         so just to be clear the connection flow will look
      like:

      >

      >         browser <Encrypted Tunnel> Server <HTTP or
      HTTPS connection> Destination

      >

      >         where <Encrypted Tunnel> is probably some form
      of HTTPS connection for

      >         support with the browser PAC

      >

      >

      >     Hey Anton,

      >

      >     Squid do not support socks connection or any other form
      of encryption.

      >     The known options to encrypt the connection between the
      client and the server are:

      >     - ssl vpn tunnel

      >     - ssh vpn tunnel

      >     - some other weird and special ways

      >

      >     Since I am not familiar with all authentication methods I
      cannot answer.

      >     On the other hand squid offers couple ways to
      authenticate and I am sure that the choice between md5 or other
      sha algorithm is not important if you are encrypting the
      connection between the server and the client using a tunnel.

      >     If you wish to use some higher security levels you can
      use client side certificates and pin IP addresses to the
      certificates.

      >

      >     All The Bests,

      >     Eliezer

      >

      >     _______________________________________________

      >     squid-users mailing list

      >     squid-users@xxxxxxxxxxxxxxxxxxxxx
      <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>

      >     http://lists.squid-cache.org/listinfo/squid-users
      <http://lists.squid-cache.org/listinfo/squid-users>

      >

      >

      >

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

    
    -----BEGIN PGP SIGNATURE-----


    Version: GnuPG v2


    iQEcBAEBAgAGBQJU0TLMAAoJENNXIZxhPexG5oQH+wST2zGmBB/QPJCMylsN8fSt


    s9cLNvlJLyOR4WI+p6qy18JJijjuFsI54Ont3x/LAFKyrmrcGUnKZhPE/3S+Vcqk


    zS/V7wpA7daTmUm697Dz0B34hlrVqjoUVUsINts/JE2pRCFA09crEzsFN/oWfPrQ


    e5Ks5xjwqswJYtAX33r9qwsPyYjbsxZu0nMN/bNLWYvm58sU/prvCkS9M0pDMd0m


    hVNLQ7Yr5xrkfMTZuEsXV8X2iM8um0voGih8LP4GU4h7VDOai2ScvJ6yXaH+P9rF


    yi+0bg0lYpmBDlLB+yXBF02ZQ9etZv8AtEFZu9FepTyFbpiecds7IfbU9MBSgNA=


    =JVZ0


    -----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users