On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote: > >> Then I do not understand what he wants op. > > http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti > on > > > Secure connection to squid proxy without need for anything else (on > > client side) than configuring proxy in browser. > > > Using provided signed certificates. > > No SSL-bumping or whatever just forwarding. > > Firstly, the concept is not safe. Users will have a secure connection to > the proxy Yes, that is all the OP is looking for. > as well as the next? Once it leaves the OP's network I suspect the risk (of eavesdropping etc) is reduced. > HTTP? User misled green padlock, I do not think the browser will show an SSL/TLS padlock for a secured proxy connection - it only shows this for a secured connection to the destination server. Therefore no misled users. > believes all secure connection - as external traffic is not encrypted > after the fact. Second. You seriously think that the world will sit > under HTTPS? What, for example, you want to protect on news sites? I don't understand what you are saying here. The connection across the local network between browser and proxy is secured. Beyond that everything works across the Internet just as normal - HTTP sites are not secured, HTTPS sites are secured. The user sees SSL padlock and certificate chain for HTTPS sites, nothing for HTTP sites. So, the design is more secure over the local network than the standard arrangement, and exactly the same beyond the local network. No security is being compromised or downgraded. Antony. -- Douglas was one of those writers who honourably failed to get anywhere with 'weekending'. It put a premium on people who could write things that lasted thirty seconds, and Douglas was incapable of writing a single sentence that lasted less than thirty seconds. - Geoffrey Perkins, about Douglas Adams Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
