Hello, Thank you for your answer. And sorry for my late reply .. .busy on multiple stuff... you know what it is ;)
I'm totally agree that using https is the best way to secure the authentication. But, in case, ssl-bump is mandatory what you be the best (or the less worst) options to secure authentification (or at least the most possibile secured authent) ? Thank you in advance. Regards, Le mer. 27 mai 2020 à 02:08, Ronan Lucio <ronanlu...@gmail.com> a écrit : > Hi Ben, > > I made working just using https_port (without ssl-bump). > > I think it's a good way to secure squid authentication. > You can also use some tool (like certbot) to generate and > automatically renew certificates, so you can work with a short period > expiration time. > > Hope that helps, > Ronan > > On Tue, May 26, 2020 at 12:10 AM ben benml <ben.malin...@gmail.com> wrote: > > > > Hello, > > > > Thank you for your prompt and precise answer. > > > > Well I'm permit myself another question, sorry. If you have an opinion > about securing the authentification without https_port : > > With a FreeIPA central users directory, what could be the best way to > secure/protect the authentication process, the login/password. > > Or more generally what could be the best options to secure the > login/password with only the http_port. So no directly encrypted traffic. > > > > I was assuming https connection could secure the authentication process > .. but if ssl-dump is really wanted, so I need another options to secure > the login/password. > > > > Did you see my point / what I'm trying to talk about ? > > > > Thank you in advance. > > > > Regards, > > > > > > Le lun. 25 mai 2020 à 12:26, Amos Jeffries <squ...@treenet.co.nz> a > écrit : > >> > >> On 25/05/20 9:59 pm, ben benml wrote: > >> > Hello, > >> > > >> > I'm contacting you for some help. > >> > I need to deploy a secure proxy based on Squid. > >> > > >> > I try to use https_port combined with sslbump. I get an error message > >> > about a bungled line. > >> > > >> > The reasons I want to do this : > >> > - secure connection between the client browser and the proxy server, > so > >> > using https_port to do it. encrypted traffic in TLS between the > client > >> > and the server. > >> > >> Fine. Simply using https_port does that. > >> > >> > - secure login connection. So I need to use https_port to do this. > >> > >> Fine. Simply using https_port does that. > >> > >> > - Do ssl inspection of the traffic goeing through the proxy > >> > >> Squid does not yet support SSL-Bump decrypt of traffic already being > >> decrypted for the secure proxy. > >> > >> > >> Please see > >> < > http://lists.squid-cache.org/pipermail/squid-users/2020-May/022120.html> > if > >> you want details. > >> > >> Amos > >> _______________________________________________ > >> squid-users mailing list > >> squid-users@lists.squid-cache.org > >> http://lists.squid-cache.org/listinfo/squid-users > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users