04.02.2015 3:30, Anton Radkevich wrote:
> Guys,
>
> I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg93592.html
> Forward HTTPs proxy with digest_pw_auth for example.
>
> But I am getting the same error
>
> clientNegotiateSSL: Error negotiating SSL connection on FD 6: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
>
> if I try to open a website (http or https) with proxy enabled on browser settings: protocol https, server proxy-squid.com, port 3129, test:test (user/password)

Hmmmmm. This means you try to put HTTP requests over HTTPS port.

You need different Squid ports for HTTP and HTTPS. I'm afraid, you cannot pass both protocols over one port.

> If I understood correctly from our communication it's not possible to configure squid like it's described above. Or ther
>
> browser (proxy settings: protocol - https, server - proxy-squid.com, port - 3129, test:test (user/password)) <------> Squid Server (https_port 3129 with certificate) <--------HTTP or HTTPS connection-------> Destination
>
> Description of the connection flow:
> 1. a client sets the proxy settings of his browser: https, server:port, user:password
> 2. a client's credentials are verified by the squid server, the browser asks the proxy to establish a virtual tunnel between itself and the remote server
> 3. when a client enters https://example.com or http://example.com then the browser sends encrypted data through the squid proxy
>
> Anton
>
> 2015-02-03 23:45 GMT+03:00 Eliezer Croitoru <eliezer@xxxxxxxxxxxx>:
>
>> Hey Anton,
>>
>> If you use https_port with ssl certificate it will be for one of two options:
>> - interception of ssl traffic
>> - reverse proxy with ssl
>>
>> For both cases the connection between the server and the client in the end will be encrypted while none of them is in a forward proxy mode and therefore will not provide and cannot provide what you need\want.
>>
>> Eliezer
>>
>> On 03/02/2015 22:41, Anton Radkevich wrote:
>>
>>> Hey Eliezer,
>>>
>>> Thank you for your explanation, just want to clarify.
>>>
>>> Does it mean that if I configure squid to listen https_port on port 3129
>>> with ssl certificate, connection from a client to squid server by port 3129
>>> will be NOT encrypted?
>>>
>>> Anton
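The `SSL23_GET_CLIENT_HELLO:http request` error quoted in the thread is what a TLS listener reports when the first bytes on the connection are a clear-text HTTP request rather than a ClientHello. As an added example (not code from the thread or from Squid), this Python helper classifies the first bytes a client sends so a capture taken on the proxy port can be checked against what the listener expects; the function names and the sample byte strings are constructed for illustration.

```python
import re

# Request line of an HTTP/1.x message: METHOD SP target SP HTTP/x.y
HTTP_REQUEST_LINE = re.compile(rb"^([A-Z]{3,10}) (\S+) HTTP/\d\.\d\r?\n")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a fresh TCP connection."""
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # SSLv2-compatible hello: high bit set in the length, message type 0x01.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    m = HTTP_REQUEST_LINE.match(data)
    if m:
        return "http-connect" if m.group(1) == b"CONNECT" else "http-request"
    return "unknown"


def diagnose(listener_is_tls: bool, data: bytes) -> str:
    """Say whether the client's first bytes match what the listener expects."""
    kind = classify_first_bytes(data)
    if kind == "unknown":
        return "unknown: capture more bytes"
    speaks_tls = kind.endswith("client-hello")
    if listener_is_tls and not speaks_tls:
        return f"mismatch: {kind} sent in clear text to a TLS listener"
    if not listener_is_tls and speaks_tls:
        return f"mismatch: {kind} sent to a clear-text listener"
    return f"ok: {kind}"


# Constructed samples (not captured traffic).
SAMPLE_PLAIN_GET = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_PLAIN_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
SAMPLE_TLS_HELLO = bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32

if __name__ == "__main__":
    samples = [("GET", SAMPLE_PLAIN_GET), ("CONNECT", SAMPLE_PLAIN_CONNECT),
               ("ClientHello", SAMPLE_TLS_HELLO)]
    for name, sample in samples:
        print(f"{name:12} on TLS listener   -> {diagnose(True, sample)}")
        print(f"{name:12} on plain listener -> {diagnose(False, sample)}")
```

A `mismatch` result for a TLS listener corresponds to the situation the reply describes: the browser is sending HTTP in the clear to a port that expects a TLS handshake first.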