On 26/08/2016 1:24 a.m., Samuraiii wrote:
> On 25.8.2016 13:24, Diogenes Jesus wrote:
>> Hi there.
>>
>> The config should work - I noticed only that you're using
>> "--with-gnutls", but that shouldn't be an issue. Try it out and let us
>> know how that worked for you.
>>
>> Dio
>>
>> Sent from
On 25.8.2016 13:24, Diogenes Jesus wrote:
> Hi there.
>
> The config should work - I noticed only that you're using
> "--with-gnutls", but that shouldn't be an issue. Try it out and let us
> know how that worked for you.
>
> Dio
>
> Sent from my iPhone
>
Hello again,
still same error...
Comlete
Hi there.
The config should work - I noticed only that you're using "--with-gnutls", but
that shouldn't be an issue. Try it out and let us know how that worked for you.
Dio
Sent from my iPhone
> On Aug 25, 2016, at 11:17 AM, Samuraiii wrote:
>
>> On 24.8.2016
On 24.8.2016 16:39, Diogenes S. Jesus wrote:
> Oh, an a tiny little detail :)
>
> # squid -v
>
> Squid Cache: Version 4.0.13
>
> Service Name: squid
>
> configure options: '--with-openssl' '--prefix=/usr'
> '--localstatedir=/var' '--libexecdir=/lib/squid'
> '--datadir=/share/squid'
On 08/24/2016 06:36 AM, Yuri Voinov wrote:
> 24.08.2016 18:32, Antony Stone пишет:
>> He wants to configure his browser to connect to the proxy over an SSL
>> connection, and then inside this secure connection send standard HTTP and
>> HTTPS requests
> Yeah, I get it. It seems to me, is
Oh, an a tiny little detail :)
# squid -v
Squid Cache: Version 4.0.13
Service Name: squid
configure options: '--with-openssl' '--prefix=/usr' '--localstatedir=/var'
'--libexecdir=/lib/squid' '--datadir=/share/squid'
'--sysconfdir=/etc/squid' '--with-default-user=proxy'
This configuration here covers the use case described by the OP:
https://gist.githubusercontent.com/splashx/758ff0c59ea291f32edafc516fdaad73/raw/8050fa054821657812961050332b38a56e7e3e68/
If everything works well, you'll notice you won't support HTTP proxy at
all, but users can reach both HTTP
Just to rewind this conversation to the actual problem ...
On 24/08/2016 11:42 p.m., Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
>> Unfortunately it's not Squid that's the challenge - it's the browser.
>>
>> If you're using Firefox and/or Chrome, you should be okay.
>>
>> See
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 19:24, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
>
Then I do not understand what he wants op.
>>
>>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
>> on
>>
>>>
On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
> >> Then I do not understand what he wants op.
>
> http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
> on
>
> > Secure connection to squid proxy without need for anything else (on
> > client side) than
Ok
This is answer (not) I was looking for.
Thank you
S
On 24 August 2016 14:48:40 CEST, Yuri Voinov wrote:
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>
>
>24.08.2016 18:44, Samuraiii пишет:
>>
>>>
>>> > No SSL-bumping or whatever just forwarding.
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:44, Samuraiii пишет:
>
>>
>> > No SSL-bumping or whatever just forwarding.
>> Firstly, the concept is not safe. Users will have a secure connection
to the proxy - as well as the next? HTTP? User misled green padlock,
believes
>
> > No SSL-bumping or whatever just forwarding.
> Firstly, the concept is not safe. Users will have a secure connection
> to the proxy - as well as the next? HTTP? User misled green padlock,
> believes all secure connection - as external traffic is not encrypted
> after the fact. Second.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Against this backdrop, even a bump SSL security seems a masterpiece.
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:31, Samuraiii пишет:
>
>> look to the browser
>>
>> > like HTTPS ones.
>> Then I do not understand what he wants op.
>>
>>
>>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
>
> Secure
On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
> 24.08.2016 18:23, Antony Stone пишет:
> > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> >> No one CA do not issue signing CA for subject, which is not CA itself.
> >>
> >> So, op wants impossible thing.
> >
> > Why
> look to the browser
>
> > like HTTPS ones.
> Then I do not understand what he wants op.
>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
Secure connection to squid proxy without need for anything else (on
client side) than configuring proxy in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:23, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
>
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>
> Why would one need a signING
On 24.8.2016 14:24, Antony Stone wrote:
> On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
>
>> On 24.8.2016 14:18, Yuri Voinov wrote:
>>> No one CA do not issue signing CA for subject, which is not CA itself.
>>>
>>> So, op wants impossible thing.
>> I have tried to drop clientca option,
On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> > No one CA do not issue signing CA for subject, which is not CA itself.
> >
> > So, op wants impossible thing.
>
> I have tried to drop clientca option, to add generate-host-certificates=off
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Predictable.
24.08.2016 18:22, Samuraiii пишет:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> >
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>>
> I have tried to drop clientca
On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
Why would one need a signING certificate just to create an SSL connection
between the browser and Squid?
Surely one merely
On 24.8.2016 14:18, Yuri Voinov wrote:
>
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
>
I have tried to drop clientca option, to add generate-host-certificates=off
but outcome is still same error...
even with just this as config:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No one CA do not issue signing CA for subject, which is not CA itself.
So, op wants impossible thing.
24.08.2016 18:15, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
>
>> Squid fails to start for me with:
>>
Just one thing I noticed:
"clientca" is not the CA which issued your "cert" (sklad.duckdns.org) -
it's the CA to be used when doing client-side authentication, which I'm not
sure if you're doing.
Dio
On Wed, Aug 24, 2016 at 2:02 PM, Samuraiii
wrote:
>
> > Please
On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
> Squid fails to start for me with:
> FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:8443
>
> I have found that this is related to missing self signed certificate,
> and since I do not want to use self signed
> Please give more details for "fails".
>
> Is the following your entire squid.conf (except for comments)?
>
> Have you tried getting SSL access to Squid working before introducing
> authentication?
>
> What are you trying, to test this, and what are the results?
>
>
> Regards,
>
>
> Antony.
On Wednesday 24 August 2016 at 13:42:16, Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
> >
> > See "Encrypted browser-Squid connection" at the bottom of
> > http://wiki.squid-cache.org/Features/HTTPS
>
> I have seen that, it is the cause of my subscription to this list.
> I haven't
On 24.8.2016 13:18, Antony Stone wrote:
> Unfortunately it's not Squid that's the challenge - it's the browser.
>
> If you're using Firefox and/or Chrome, you should be okay.
>
> See "Encrypted browser-Squid connection" at the bottom of
> http://wiki.squid-cache.org/Features/HTTPS
>
>
> Antony.
>
On Wednesday 24 August 2016 at 13:09:52, Samuraiii wrote:
> Hello,
> I am trying to setup squid as SSL protected proxy for few users without
> any intention to use ssl-bumping or any other MITM technique.
> I just want to have SSL secured connection between browser and proxy.
> Proxy will not be
30 matches
Mail list logo