Fyi, as a workaround till the browsers do cleanly support SSL to a proxy, we used stunnel to accomplish exactly this, securing the traffic between the client and Squid. In our case, we have Squid running on a Windows server, and the SSL support wasn't stable for us, so for that reason (and other reasons I won't go into), we run stunnel on both ends -- but likely it would work just as well to simply point the workstation's stunnel directly at a Squid SSL port.
Working like a charm. Glad to provide more details if it's of interest.
-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Tuesday, September 21, 2010 10:34 PM
To: squid-users_at_squid-cache.org
Subject: EXTERNAL: Re: [squid-users] SSL between squid and client possible?
On Tue, 21 Sep 2010 16:39:53 -0700, "David Parks" <davidparks21_at_yahoo.com>
wrote:
> Can SSL be enabled between client and squid?
> Example: An HTTP request to http://yahoo.com goes over SSL from client
to
> squid proxy, then standard HTTP from squid to yahoo and again secured
from
> squid to client on the way back?
> It seems like this is only possible with reverse proxy setups, not
typical
> proxy forward traffic.
> Just wanted to verify my understanding here.
> Thanks,
> David
Squid will do this happily. https_port is the same as http_port but
requires SSL/TLS on the link.
The problem is that most web browsers won't do the SSL/TLS when talking to
an HTTP proxy. Please assist with bugging the browser devs about this.
https://bugzilla.mozilla.org/show_bug.cgi?id=378637. There are
implications that they might do HTTP-over-SSL to SSL proxies, but certainly
will send non-HTTP there and break those protocols instead.
Amos
Received on Wed Sep 22 2010 - 17:25:42 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 22 2010 - 12:00:04 MDT