Search squid archive

Re: SSL bump, SSL intercept, explicit, secure proxy, what is it called?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thought I'd try getting this to work in Chrome too.  NOTHING I try makes it work in Chrome.  Isn't running this from the Windows command line supposed to work?

chrome --proxy-server=https://mydomain:myport

When I do this, it runs Chrome, but it's still not going through the proxy despite Firefox on the same computer working just fine!




From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
To: j m <acctforjunk@xxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, May 24, 2017 5:15 PM
Subject: Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

On 25/05/17 09:01, j m wrote:
> Some more info:  I tried this on Firefox 53 and got more feedback, but
> still doesn't work.  Per the recommendation on bugzilla (bug 378637),
> I put https://myaddress:myport <https://myaddress:myport/> into
> firefox and it gives me a "Your connection is not secure".  So I add
> the exception, and it then displays the squid message "ERROR The
> requested URL could not be retrieved", as expected.
>
> So I add the proxy to Firefox (in Advanced, Network, Settings) as the
> HTTP Proxy....doesn't work, "The proxy server is refusing
> connections".  I then put https:// in front of the address, then it's
> "Server not found".  I then add it as SSL Proxy.  It appears to be
> working, but really it's simply not using the proxy at all because I
> stopped squid and it made no difference.
>

The settings you enter via the Browser GUI are exclusively for setting
up plain-text proxy connections.

"SSL Proxy" in the Browser GUI means the proxy to send any SSL/TLS
traffic *through* (using CONNECT tunnel).


> The link you reference on getting Firefox to work with this refers to
> Firefox 33, so by now I'd think I could directly add the proxy to the
> normal place in Firefox options?

Unfortunately that would be far too sensible.  It only took ~20 years to
get them to accept any kind of TLS/SSL security on the Browser<->proxy
connection in the first place.

I really wish that was a joke, but I've long ago given up on expecting
sanity from Browser people. For the topic in question, the argument
behind not adding a simple tick-box to that somewhat hidden GUI popup to
enable TLS/SSL to a proxy ... is unwaveringly that "changing the UI
would cause a lot of end users some confusion and pain" or words to that
affect - and yet I've lost count of how many graphical redesigns have
happened to the things those end-users are directly seeing and using on
a daily basis. But one semi-hidden tick box, oh no!


Amos



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux