Difference between revisions of "Using encrypted channels to communicate with squid proxy server"
Revision as of 11:44, 2 December 2012
Using encrypted channels to communicate with squid proxy server
We can use
https_port 8081 cert=/etc/squid/squid.pem
in 'squid.conf' to allow clients to connect to the proxy using SSL, where 'squid.pem' can be generated using
openssl req -new -x509 -days 999 -nodes -out squid.pem -keyout squid.pem
We can also use RSA tools provided by openvpn to create a CA and then a server certificate.
On the client side we can use stunnel to tunnel all plain-text browser traffic over SSL to the proxy server on port 8081. A sample stunnel service configuration is
[facultyproxy]
accept=8080
client=yes
connect=facultyproxy.iiit.ac.in:8081
We can add the above section to the '/etc/stunnel/stunnel.conf' file and run stunnel using 'stunnel /etc/stunnel/stunnel.conf', so that stunnel listens on port 8080 on localhost and forwards all incoming connections to facultyproxy on port 8081.
We can also add the following options if we have the CA certificate and want to defeat man-in-the-middle attacks that present other self-signed certificates.
CAfile=/etc/pki/CA/private/ca.crt
verify=3
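The check that a CA certificate makes possible, as an added example that is not part of the original wiki page: it builds a throwaway CA, issues a proxy certificate from it, and shows that a self-signed certificate for the same hostname does not chain to that CA. The hostname proxy.example.test, the file names and the make_pki/chains_to_ca helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate here is a constructed throwaway.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=proxy.example.test   # placeholder proxy hostname (assumption)

# Minimal request config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Proxy CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_pki() {
    # CA key and self-signed CA certificate (the file CAfile= would point at).
    openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 -config "$WORK/req.cnf" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    # Proxy key and signing request, then a certificate issued by the CA.
    openssl req -new -nodes -newkey rsa:2048 -config "$WORK/req.cnf" -subj "/CN=$HOST" \
        -keyout "$WORK/squid.key" -out "$WORK/squid.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$WORK/squid.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/squid.crt" 2>/dev/null
    # Look-alike certificate: same hostname, self-signed, not issued by the CA.
    openssl req -new -x509 -days 30 -nodes -newkey rsa:2048 -config "$WORK/req.cnf" \
        -subj "/CN=$HOST" -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to our CA.
chains_to_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

make_pki
for c in squid other; do
    if chains_to_ca "$WORK/$c.crt"; then
        echo "$c.crt: accepted"
    else
        echo "$c.crt: rejected"
    fi
done
```

A client that checks the proxy certificate against the CA file rejects the look-alike, while a client that performs no verification would accept either certificate.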