WhileHTTPS design efforts were focused on end-to-end communication, it wouldalso be nice to be able to encrypt the browser-to-proxy connection
(without creating a CONNECT tunnel that blocks Squid from accessing and
caching content). This would allow, for example, a secure use of remote
proxies located across a possibly hostile network.
Squid can accept regular proxy traffic using https_port in the same way Squid does it using an http_portdirective. Unfortunately, popular modern browsers do not permit
configuration of TLS/SSL encrypted proxy connections. There are open bugreports against most of those browsers now, waiting for support to
appear. If you have any interest, please assist browser teams with
getting that to happen.
Meanwhile,tricks using stunnel or SSH tunnels are required to encrypt the
browser-to-proxy connection before it leaves the client machine. These
are somewhat heavy on the network and can be slow as a result.
Chrome
TheChrome browser is able to connect to proxies over SSL connections if
configured to use one in a PAC file or command line switch. GUI
configuration appears not to be possible (yet).
More details at http://dev.chromium.org/developers/design-documents/secure-web-proxy
Firefox
TheFirefox 33.0 browser is able to connect to proxies over SSL connectionsif configured to use one in a PAC file. GUI configuration appears not
to be possible (yet).
There is still an important bug open:
Using a client certificate authentication to a proxy: https://bugzilla.mozilla.org/show_bug.cgi?id=209312