Search squid archive

Re: SSL bump, SSL intercept, explicit, secure proxy, what is it called?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 25/05/17 09:01, j m wrote:
Some more info: I tried this on Firefox 53 and got more feedback, but still doesn't work. Per the recommendation on bugzilla (bug 378637), I put https://myaddress:myport <https://myaddress:myport/> into firefox and it gives me a "Your connection is not secure". So I add the exception, and it then displays the squid message "ERROR The requested URL could not be retrieved", as expected.
So I add the proxy to Firefox (in Advanced, Network, Settings) as the HTTP Proxy....doesn't work, "The proxy server is refusing connections". I then put https:// in front of the address, then it's "Server not found". I then add it as SSL Proxy. It appears to be working, but really it's simply not using the proxy at all because I stopped squid and it made no difference.
The settings you enter via the Browser GUI are exclusively for setting up plain-text proxy connections.
"SSL Proxy" in the Browser GUI means the proxy to send any SSL/TLS traffic *through* (using CONNECT tunnel).
The link you reference on getting Firefox to work with this refers to Firefox 33, so by now I'd think I could directly add the proxy to the normal place in Firefox options?
Unfortunately that would be far too sensible. It only took ~20 years to get them to accept any kind of TLS/SSL security on the Browser<->proxy connection in the first place.
I really wish that was a joke, but I've long ago given up on expecting sanity from Browser people. For the topic in question, the argument behind not adding a simple tick-box to that somewhat hidden GUI popup to enable TLS/SSL to a proxy ... is unwaveringly that "changing the UI would cause a lot of end users some confusion and pain" or words to that affect - and yet I've lost count of how many graphical redesigns have happened to the things those end-users are directly seeing and using on a daily basis. But one semi-hidden tick box, oh no! 

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux