[squid-users] Re: squid+SSL question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 8 Feb 2006 20:04:40 +0100 (CET)

On Wed, 8 Feb 2006, Murray S. Kucherawy wrote:

> I have squid 2.5-STABLE7 on a box and I'm trying to secure the connection
> between the client and squid.

> I set up Mozilla to proxy via those ports and request an https:// URL, but
> then I get a pile of these in the log before Mozilla gives up:

Your user agent (Mozilla) does not support SSL encrypted connections to
the proxy, only proxying of SSL encrypted connections via the proxy.

You can add SSL encryption to your user agent by running an SSL proxy such
as stunnel <url:http://www.stunnel.org/> on the client. Set up stunnel on
the client with a connection to the https_port of your Squid, then
configure the client to use the configured stunnel port on loopback
(127.0.0.1) as its proxy. This way the client talks (unencrypted, but
locally only, never leaving the box) to stunnel on the same machine, which
wraps the request in SSL and forwards the connection to the proxy
encrypted.

   Browser -> stunnel -> *Network* -> Proxy -> Internet

> "Your Squid is acting as a web server (http and https), but you are
> attempting to use Squid as a proxy server.
>
> Remove your proxy settings from the browser and instead access Squid as a web
> server and things should work considerably better."

This was from a thread about using Squid as a reverse proxy/accelerator,
not Internet proxying.

> If you'd rather I post to squid-users, let me know.

Always preferred.

> Also, I'd be happy to
> kick a small donation your way for an answer that solves my problem.

Donations are always welcome <url:http://www.squid-cache.org/~hno/>.

Regards
Henrik
Received on Wed Feb 08 2006 - 12:04:45 MST
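
The client-side stunnel setup described in the message above, as an added example that is not part of the original post or of the Squid or stunnel projects. The hostname, port numbers and CA file path are constructed placeholders, and the verification option names assume a recent stunnel 5.x release.

```ini
; stunnel.conf on the client machine (added example; all values are placeholders)
;
; Assumed Squid side, for reference only:
;   https_port 3129 cert=/path/to/proxy-cert.pem key=/path/to/proxy-key.pem

[squid-tls]
; Client mode: accept plaintext locally, speak SSL/TLS to the remote side.
client = yes

; Listen on loopback only, so the unencrypted hop never leaves the box.
; Binding to 0.0.0.0 here would expose a plaintext proxy port to the LAN.
accept = 127.0.0.1:3128

; The https_port of the Squid proxy (placeholder host and port).
connect = proxy.example.com:3129

; stunnel does not verify the peer certificate unless told to.
; Without the three lines below the tunnel is encrypted but unauthenticated,
; so anyone able to intercept the connection can pose as the proxy.
verifyChain = yes
CAfile = /etc/stunnel/proxy-ca.pem
checkHost = proxy.example.com
```

The browser is then configured to use 127.0.0.1 port 3128 as its HTTP and SSL proxy.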
