Search squid archive

Re: Squid + OpenSSL w/FIPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday 02 July 2019 at 23:05:27, Cody Cushing wrote:

> Hello, I would like to use Squid as a forward proxy to ensure traffic
> leaving my VM is using a TLS connection negotiated through a client using
> FIPS certified encryption. I have OpenSSL w/FIPS configured on my VM, and
> Squid properly configured as a forward proxy.

So, surely all you need is a firewall to block any direct traffic which attempts 
to bypass the TLS client?

> What I do not know is:
> • is this sufficient (does Squid use any available OpenSSL crypto on the
> system)
> • or do I need to compile a custom Squid build referencing the OpenSSL fips
> "modules" (two C libraries)
> • or does Squid reference completely different crypto libraries and neither
> of the above two considerations are even valid

You say you want to use "a TLS connection negotiated through a client using 
FIPS certified encryption".  What's at the other end of that connection (ie: 
what is your VM talking to to create this link)?

Are you saying that you want HTTPS connections from your VM to go only to 
remote servers which support this FIPS-certified TLS method, and no other 
websites should be accessible?

Or, are you trying to tunnel HTTP and HTTPS traffic from your VM to some trusted 
endpoint - if so, what happens to it from there?

Basically, given a connection from your VM to some random website, what part 
of the connection are you trying to encrypt in this specific way?


Regards,


Antony.

-- 
"Life is just a lot better if you feel you're having 10 [small] wins a day 
rather than a [big] win every 10 years or so."

 - Chris Hadfield, former skiing (and ski racing) instructor

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux