At least as far as I can determine, it is not possible to configure redsocks to connect to a proxy over https/tls. It can connect to SSL sites via sending HTTP CONNECT commands to a proxy, but the connection between redsocks and the proxy itself is done in cleartext.
Steps to reproduce:
You will need a squid proxy configured to support SSL (note that the default squid3 package in Ubuntu bionic does not: I recommend using the packages built at https://github.com/diladele/squid-ubuntu if you don't feel like recompiling squid from scratch).
A sample squid.conf with an ssl listener on port 443:
Note that this configuration sets up a globally-accessible proxy: you will want to limit access by using htpasswd to create /etc/squid/squid.pass. You will also need to create an openssl key and a self-signed cert in /etc/squid.
Configure redsocks to connect to your proxy on port 443:
```
base {
    log_debug = off;
    log_info = on;
    log = "syslog:local7";
    daemon = off;
    redirector = iptables;
}
redsocks {
    type = http-connect;
    ip = X.X.X.X; # <- add the IP address of your squid proxy
    port = 443;
    local_ip = 127.0.0.1;
    local_port = 12345;
    login = "myuser"; # <- user/pass should match your squid.pass file
    password = "mypass";
}
```
The device will not come online in this configuration: tcpdump on your proxy will reveal that it is not attempting to negotiate a TLS connection, but is instead sending plaintext HTTP CONNECT commands to port 443.
If you configure redsocks to talk to the http_port on 3128/tcp, the device will successfully come online.
In contrast, you should be able to successfully use curl to proxy requests over TLS: