Guys,
I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg93592.html
Forward HTTPs proxy with digest_pw_auth for example.
But I am getting the same error clientNegotiateSSL: Error negotiating SSL connection on FD 6: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) if I try to open a website (http or https) with proxy enabled on browser settings: protocol https, server proxy-squid.com, port 3129, test:test (user/password)
If I understood correctly from our communication its not possible to configure squid like it described above. Or ther
browser(proxy settings: protocol - https, server -proxy-squid.com, port -3129, test:test (user/password)) <------> Squid Server (https_port 3129 with certificate)<--------HTTP or HTTPS connection-------> Destination
Description of the connection flow:
1. a client set proxy settings of his browser settings: https, server:port, user:password
2. a clients credentials were verified by squid server, browser asks the proxy to establish a virtual tunnel between itself and remote server
3. when a client enter https://example.com or http://example.com then browser sends encrypted data through the squid proxy
Anton
2015-02-03 23:45 GMT+03:00 Eliezer Croitoru <eliezer@xxxxxxxxxxxx>:
Hey Anton,
If you use https_port with ssl certificate it will be for one of two options:
- interception of ssl traffic
- reverse proxy with ssl
For both cases the connection between the server and the client in the end will be encrypted while non of them is in a forward proxy mode and there for will not provide and cannot provide what you need\want.
Eliezer
On 03/02/2015 22:41, Anton Radkevich wrote:
Hey Eliezer,
Thank you for your explanation, just want to clarify.
Does it mean that if I configure squid to listen https_port on port 3129
with ssl certificate, connection from a client to squid server by port 3129
will be NOT encrypted?
Anton
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
