Re: SSL authentication.

From: Henrik Nordström <henrik@dont-contact.us>
Date: Sun, 24 Feb 2008 21:37:15 +0100

On Fri 2008-01-25 at 08:42 +0200, Razard wrote:

> Question about basic user authentication on proxy.
>
> If a user gets an http web page for the first time, the proxy responds
> to authenticate them insecurely by default, as described in the login
> window of the browser. But if the user gets an https page, the browser
> creates an SSL connection and there are no warnings about a plain text
> password.
>
> Question: if a user gets an https page, is their password sent to squid
> secured by SSL, or in the same plain text as for an http request?

The basic proxy authentication is the same plain text. It's then the
CONNECT request that carries the proxy login credentials. CONNECT is the
HTTP method used by clients to set up a TCP tunnel over the proxy so
they can negotiate SSL with the web server.

plain text CONNECT request/response
if successful [authenticated, allowed access, and connection established]
SSL negotiation starts as normal, with the proxy acting as a dumb relay
between the two just shuffling binary data in both directions.

Regards
Henrik

Received on Sun Feb 24 2008 - 13:41:23 MST
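
The sequence described in the reply above, as an added example that is not part of the original message: a small audit function that splits the client-to-proxy byte stream into the cleartext CONNECT head and the tunnelled payload, and reports whether Basic proxy credentials are recoverable from the cleartext part. The sample stream, host name, user name and password are constructed values, and `audit_client_stream` is a hypothetical helper name.

```python
import base64

# Constructed sample: bytes a client sends on the client-to-proxy TCP connection.
# The CONNECT head goes first; the bytes after it are sent once the proxy has
# answered 200 and start a TLS handshake record (0x16 0x03). All values are made up.
SAMPLE_CLIENT_STREAM = (
    b"CONNECT www.example.com:443 HTTP/1.1\r\n"
    b"Host: www.example.com:443\r\n"
    b"Proxy-Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n"
    b"\r\n"
    b"\x16\x03\x01\x00\x05hello"
)


def audit_client_stream(stream: bytes) -> dict:
    """Report what is readable in cleartext on the client-to-proxy leg."""
    head, sep, tunnelled = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    report = {"method": method, "target": target, "scheme": None, "user": None,
              "password_recoverable": False,
              "tunnel_starts_with_tls": tunnelled[:2] == b"\x16\x03"}
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme:
        report["scheme"] = scheme
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
            return report
        user, colon, _password = decoded.partition(":")
        report["user"] = user
        report["password_recoverable"] = bool(colon)  # base64 is encoding, not encryption
    return report


if __name__ == "__main__":
    print(audit_client_stream(SAMPLE_CLIENT_STREAM))
```
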
