Hi Ben, I made working just using https_port (without ssl-bump). I think it's a good way to secure squid authentication. You can also use some tool (like certbot) to generate and automatically renew certificates, so you can work with a short period expiration time. Hope that helps, Ronan On Tue, May 26, 2020 at 12:10 AM ben benml <ben.maling42@xxxxxxxxx> wrote: > > Hello, > > Thank you for your prompt and precise answer. > > Well I'm permit myself another question, sorry. If you have an opinion about securing the authentification without https_port : > With a FreeIPA central users directory, what could be the best way to secure/protect the authentication process, the login/password. > Or more generally what could be the best options to secure the login/password with only the http_port. So no directly encrypted traffic. > > I was assuming https connection could secure the authentication process .. but if ssl-dump is really wanted, so I need another options to secure the login/password. > > Did you see my point / what I'm trying to talk about ? > > Thank you in advance. > > Regards, > > > Le lun. 25 mai 2020 à 12:26, Amos Jeffries <squid3@xxxxxxxxxxxxx> a écrit : >> >> On 25/05/20 9:59 pm, ben benml wrote: >> > Hello, >> > >> > I'm contacting you for some help. >> > I need to deploy a secure proxy based on Squid. >> > >> > I try to use https_port combined with sslbump. I get an error message >> > about a bungled line. >> > >> > The reasons I want to do this : >> > - secure connection between the client browser and the proxy server, so >> > using https_port to do it. encrypted traffic in TLS between the client >> > and the server. >> >> Fine. Simply using https_port does that. >> >> > - secure login connection. So I need to use https_port to do this. >> >> Fine. Simply using https_port does that. >> >> > - Do ssl inspection of the traffic goeing through the proxy >> >> Squid does not yet support SSL-Bump decrypt of traffic already being >> decrypted for the secure proxy. >> >> >> Please see >> <http://lists.squid-cache.org/pipermail/squid-users/2020-May/022120.html> if >> you want details. >> >> Amos >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
