Re: Https_port with "official" certificate

Yuri Voinov <yvoinov@xxxxxxxxx> · Wed, 24 Aug 2016 18:36:35 +0600



    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA256 

     
    24.08.2016 18:32, Antony Stone пишет:

    > On Wednesday 24 August 2016 at
      14:26:48, Yuri Voinov wrote:

      >

      >> 24.08.2016 18:23, Antony Stone пишет:

      >>> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov
      wrote:

      >>>> No one CA do not issue signing CA for subject,
      which is not CA itself.

      >>>>

      >>>> So, op wants impossible thing.

      >>>

      >>> Why would one need a signING certificate just to
      create an SSL connection

      >>> between the browser and Squid?

      >>>

      >>> Surely one merely needs a valid signED certificate,
      same as you would

      >>> put on a web server to set up secure connections to
      it?

      >>>

      >>> OP is not intercepting secure traffic, nor making
      HTTP sites look to

      >>> the browser like HTTPS ones.

      >>

      >> Then I do not understand what he wants op.

      >

      > He wants to configure his browser to connect to the proxy
      over an SSL 

      > connection, and then inside this secure connection send
      standard HTTP and 

      > HTTPS requests, just as a browser would do over an unsecured
      connection to the 

      > proxy on Squid's standard port 3128.

    Yeah, I get it. It seems to me, is absolutely crazy and insecure
    idea.

    >

      >

      > It's nothing to do with whether either the client or the
      destination server 

      > believe the web content itself to be secured with SSL/TLS.

      >

      > See "Encrypted browser-Squid connection" at the bottom of

      > http://wiki.squid-cache.org/Features/HTTPS

      >

      >

      > Antony.

      >

    
    -----BEGIN PGP SIGNATURE-----


    Version: GnuPG v2


    iQEcBAEBCAAGBQJXvZTTAAoJENNXIZxhPexG3n4H/0O+OLxWoxAIoVq4B2g33Ep0


    Iz4JkLx542E4gQjCzhtO3Ikjxoh2VLwwkF/S6PZqNvmQg6dJ6sbZVSsUBtJa6h+6


    dWCM6gEeH/xnO3B5krKw9t721fyMpQEmb2uKCLyDxpJHiJLGShifliFykfcZwJ+m


    Vt7+bp1R4KWtYGfh/2QUyRwzReMqlEkuNIJ2/KHucuuEfMauOB/Gn42MsPQDxZKZ


    I0eJmi4Eo8jzYKyC1ZLsZVPVqVSuMz152QYdhBuUb5AJo/DaWVuyEwmhP0MYmEbU


    bSYzQh8FiKuTsrHKYoqqo6m7fLtbz2o5ouGP8kbq6l93E9JBsmBwSsR28Urzwyg=


    =C3LP


    -----END PGP SIGNATURE-----


Attachment:
0x613DEC46.asc

Description: application/pgp-keys
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users