RE: [squid-users] Anonymous SSL Tunneling Proxy

From: Jeremy Junginger <[email protected]>
Date: Fri, 9 May 2003 15:57:02 -0700

You see, that's where things get interesting. If you remember magusnet
(www.magusnet.com/proxy.htm) which is now defunct, you used to enter a
url such as:

https://www.magusnet.com-_-www.yahoo.com

And it would sure as shit return www.yahoo.com, although you were using
the proxy over ssl. You see, I think that people are getting so caught
up in what "product x" or "product y" supports that they aren't getting
the point. All I'm trying to do is tunnel http over ssl. It sounds
like a rather simple concept, but as you can see, the devil's in the
details. I actually read an article that touted a 5 line netcat +
stunnel script that would turn a box into an anonymous ssl tunneling
proxy, but when I asked how it had been configured, they told me that
the article had been published in error and that it could not be done
with netcat and stunnel alone. At any rate, I'm at the same point you
are. I don't know how to do it, but I'm playing with it and trying to
learn. I have seen it work, there are companies that make it work, and
I'm just not sure if I'm barking up the right tree with SQUID, or if
this can be done with some other proxy/webserver software.

Anyhow, thanks for the reply, and sorry if the email looks a bit harsh.
I'm just a little concerned that I can't get a YES or NO.

-Jeremy

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, May 09, 2003 2:52 PM
To: Jeremy Junginger; squid-users@squid-cache.org
Subject: Re: [squid-users] Anonymous SSL Tunneling Proxy

On Friday 09 May 2003 21.50, Jeremy Junginger wrote:
> Is it possible to set up the following with SQUID:
>
> A proxy that uses an SSL connection to tunnel http traffic from the
> client to the proxy server such that the proxy passes the http traffic

> on to the web server?
>
> Client<---ssl--->Squid(SSL)<---http--->www.whatever.com

If you can manage to convince some browser to use SSL for the proxy
connection then Squid-2.5 will happily do the above.

But as far as I know there is not a single browser who thinks using
SSL for the proxy connection is a function someone might want to
use..

This leaves the Squid SSL functionality mostly useful for
accelerators, until some browsers get the picture and understand that
browser<->proxy is also a area where SSL is needed for security.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or firewall
appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [email protected]
Received on Fri May 09 2003 - 16:56:13 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:30 MST