Re: [squid-users] Encrypt CONNECT Header

2020-05-06 Thread Amos Jeffries
Alex has already covered the main point for your issue. The below are details I think it worth you spending some time on in addition to the encryption.

On 7/05/20 3:18 am, Matus UHLAR - fantomas wrote:
> On 05.05.20 17:29, Ryan Le wrote:
>> Proxy-Authorization is of concern here. Most modern

Re: [squid-users] Encrypt CONNECT Header

2020-05-06 Thread Matus UHLAR - fantomas
On 05.05.20 17:29, Ryan Le wrote:
> The issue is not related to the server certificate SNI. It's related to exposing a few other sensitive data points such as the domain which is clearly exposed in the CONNECT header. This would be exposed regardless of TLS 1.3.

not if you talk to the proxy over

Re: [squid-users] Encrypt CONNECT Header

2020-05-06 Thread Felipe Polanco
If you need to encrypt the traffic between the browser and the proxy perhaps you can use a VPN or a browser extension for this, that way your traffic is encrypted on its way to the proxy.

On Tue, May 5, 2020 at 5:29 PM Ryan Le wrote:
> Hi All,
> Thanks for providing the information.
> The issue

Re: [squid-users] Encrypt CONNECT Header

2020-05-05 Thread Ryan Le
Hi All,
Thanks for providing the information.
The issue is not related to the server certificate SNI. It's related to exposing a few other sensitive data points such as the domain which is clearly exposed in the CONNECT header. This would be exposed regardless of TLS 1.3. Also, there are other

Re: [squid-users] Encrypt CONNECT Header

2020-05-05 Thread Alex Rousskov
On 5/5/20 10:18 AM, Ryan Le wrote:
> Are there plans to support explicit forward proxy over HTTPS to the proxy
> with ssl-bump?

There have been a few requests for TLS-inside-TLS support, but I am not aware of any actual sponsors or features on the road map. It is a complicated project, even though

Re: [squid-users] Encrypt CONNECT Header

2020-05-05 Thread Matus UHLAR - fantomas
On 05.05.20 10:24, Felipe Polanco wrote:
> I may be mistaken but I believe you don't need to use ssl-bump with explicit https proxy. In your browser settings, use an HTTPS proxy instead of HTTP.

and squid needs https_port to accept https traffic.

> On Tue, May 5, 2020 at 10:19 AM Ryan Le

Re: [squid-users] Encrypt CONNECT Header

2020-05-05 Thread Felipe Polanco
I may be mistaken but I believe you don't need to use ssl-bump with explicit https proxy. In your browser settings, use an HTTPS proxy instead of HTTP.

On Tue, May 5, 2020 at 10:19 AM Ryan Le wrote:
> Are there plans to support explicit forward proxy over HTTPS to the proxy
> with ssl-bump?

[squid-users] Encrypt CONNECT Header

2020-05-05 Thread Ryan Le
Are there plans to support explicit forward proxy over HTTPS to the proxy with ssl-bump? We would like to use https_port ssl-bump without using the intercept or tproxy option. Clients will use PAC with a HTTPS directive rather than a PROXY directive. The goal is to also encrypt the CONNECT header