Hello,
Thank you for your prompt and precise answer.
Well I'm permit myself another question, sorry. If you have an opinion about securing the authentification without https_port :
With a FreeIPA central users directory, what could be the best way to secure/protect the authentication process, the login/password.
Or more generally what could be the best options to secure the login/password with only the http_port. So no directly encrypted traffic.
I was assuming https connection could secure the authentication process .. but if ssl-dump is really wanted, so I need another options to secure the login/password.
Did you see my point / what I'm trying to talk about ?
Thank you in advance.
Regards,
Le lun. 25 mai 2020 à 12:26, Amos Jeffries <squid3@xxxxxxxxxxxxx> a écrit :
On 25/05/20 9:59 pm, ben benml wrote:
> Hello,
>
> I'm contacting you for some help.
> I need to deploy a secure proxy based on Squid.
>
> I try to use https_port combined with sslbump. I get an error message
> about a bungled line.
>
> The reasons I want to do this :
> - secure connection between the client browser and the proxy server, so
> using https_port to do it. encrypted traffic in TLS between the client
> and the server.
Fine. Simply using https_port does that.
> - secure login connection. So I need to use https_port to do this.
Fine. Simply using https_port does that.
> - Do ssl inspection of the traffic goeing through the proxy
Squid does not yet support SSL-Bump decrypt of traffic already being
decrypted for the secure proxy.
Please see
<http://lists.squid-cache.org/pipermail/squid-users/2020-May/022120.html> if
you want details.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
