Guys,
I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg93592.html
Forward HTTPs proxy with digest_pw_auth for example.
But I am getting the same error clientNegotiateSSL: Error negotiating SSL connection on FD 6: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) if I try to open a website (http or https) with proxy enabled on browser settings: protocol https, server proxy-squid.com, port 3129, test:test (user/password)
If I understood correctly from our communication its not possible to configure squid like it described above. Or ther
browser(proxy settings: protocol - https, server -proxy-squid.com, port -3129, test:test (user/password)) <------> Squid Server (https_port 3129 with certificate)<--------HTTP or HTTPS connection-------> Destination
Description of the connection flow:
1. a client set proxy settings of his browser settings: https, server:port, user:password
2. a clients credentials were verified by squid server, browser asks the proxy to establish a virtual tunnel between itself and remote server
3. when a client enter https://example.com or http://example.com then browser sends encrypted data through the squid proxy
Is it possible?
Thanks,
Anton
2015-02-04 6:03 GMT+03:00 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 4/02/2015 9:20 a.m., Anton Radkevich wrote:
> Yuri,
>
> I'd like to allow or deny access for a client before establishing of
> encrypted channel to proxy server using an authentication method of squid
> proxy.
I think you and Yuri are talking past each other on this.
This page has what you want to know
<http://wiki.squid-cache.org/Features/HTTPS>. Yuri was talking about
section-2 connections, but I read your query as being closer to
section-4 connections.
> Can I setup any authentication method for https forward proxy? If yes, is
> it possible to use more secure hash algorithms than old md5?
Squid does Basic, Digest, NTLM, Negotiate, and (with a patch) Bearer.
Its not clear what you mean about MD5. Do you have a specific auth
helper like NCSA storing passwords using that hash?
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
