Alex has already covered the main point for your issue. The below are details I think it worth you spending some time on in addition to the encryption. On 7/05/20 3:18 am, Matus UHLAR - fantomas wrote: > On 05.05.20 17:29, Ryan Le wrote: >> Proxy-Authorization is of concern here. Most modern browsers now support >> PAC with HTTPS versus PROXY. > It sounds like you know something about the browser support. If you have any more information than we document at <https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection> please mention it. > >> The Proxy-Authorization can carry the Basic Auth (and NTLM) credentials >> which is of concern currently since all users are mobile. Only if the proxy explicitly requests those credentials. It is highly recommended that you upgrade any insecure authentication protocols regardless of whether TLS is used. NTLM is the worst auth scheme and has been superseded by Kerberos decades ago. Please at least upgrade that. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
