Re: [squid-users] HTTPS proxying

From: Karandeep Malik <karandeepmalik_at_gmail.com>
Date: Thu, 31 Jul 2008 14:22:25 +0530

On Thu, Jul 31, 2008 at 12:02 PM, Serge Egelman <egelman_at_cs.cmu.edu> wrote:
> Hi,
>
> I'm trying to set up squid to forward SSL connections. I previously had it
> set up just as a logging proxy for conducting laboratory usability studies (we
> would configure the browsers on our lab machines to use the proxy, then I
> could check the logs afterwards to see where people were going). So I know
> it works for a minimal configuration. I'm working on a study now where I
> need to inject a self-signed certificate into an SSL session (I'm looking at
> warning messages), but can't seem to get squid configured correctly (the
> idea is that we'll have the lab machines configured to use the proxy
> again).
>
> I first tried https_port, but it didn't seem to listen on the port
> (different port than for http_port, and it would listen on that port). When
> I restarted it, it asked for the password on the key, so it was definitely
> reading the directive. Though the port remained closed.
>
> I asked about this in IRC, and someone suggested I upgrade to 3.1 and use
> sslBump. I tried this, however nothing happened. When I went to SSL
> websites it still just used CONNECT.
>
> Any ideas on how I can do this? Am I going about it the wrong way?
>
> Thanks,
>
> serge
> --
> /*
> PhD Candidate
> Carnegie Mellon University
>
> "Whoever said there's no such thing as a free lunch was never a grad
> student."
>
> All views contained in this message, either expressed or implied, are the
> views of my employer, and not my own.
> */
>

Hi Serge,

I think in forward proxy mode, most of the proxy servers do SSL
tunneling and do not actually read the https requests. So, I do not
think this will be the case. This is because in forward proxy we have
the proxy server at the client's end and so we may not need the
encrypted link between the proxy server and the client as the proxy server
is in the same network as the clients. It is between the proxy server and
the main servers (hosting websites) that we have the SSL link, because
the proxy server connects to the main server through the internet.

What you are talking about is probably the reverse proxy mode.

Correct me if I am wrong.

Thanks
Karandeep Mali
Received on Thu Jul 31 2008 - 08:52:27 MDT
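
Added example (not part of the original messages and not Squid code): a short Python sketch of what a non-intercepting forward proxy can see and log for a plain HTTP request versus an HTTPS request tunneled with CONNECT, as discussed in the thread. The function name and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed request heads, as a forward proxy would receive them from a browser.
SAMPLE_HTTP = b"GET http://example.com/account?id=7 HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_HTTPS = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"


def visible_to_proxy(raw_head: bytes) -> dict:
    """Return the request details a non-intercepting forward proxy can log."""
    request_line = raw_head.split(b"\r\n", 1)[0].decode("ascii")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target, _version = parts

    if method == "CONNECT":
        # Target is authority-form (host:port). Everything after the proxy's
        # "200" reply is TLS between browser and origin, opaque to the proxy.
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"CONNECT target must be host:port, got {target!r}")
        return {"method": method, "host": host.strip("[]"), "port": int(port),
                "path": None, "tunneled": True}

    # Plain HTTP through a proxy uses absolute-form, so the full URL is visible.
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError(f"expected absolute http:// URL, got {target!r}")
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    return {"method": method, "host": url.hostname, "port": url.port or 80,
            "path": path, "tunneled": False}


if __name__ == "__main__":
    for head in (SAMPLE_HTTP, SAMPLE_HTTPS):
        print(visible_to_proxy(head))
```

For the CONNECT request the only loggable details are the host and port; the path, headers and body travel inside the TLS session.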
