[Privoxy-devel] HTTPS filtering in Privoxy
Beeblebrox
zaphod at berentweb.com
Sat Jun 3 07:15:17 UTC 2017
I had been thinking about asking this for some time but just got around
to it. I'm very happy about this development as it ensures the future
of privoxy (considering the mass migration to tools like lets-encrypt).

I would add ideas for consideration and if possible, implementation at
some date. IDK how difficult these would be, so a proposal:

1) Optional toggle to enable SSL key-quality-check, with small message
at top of page from privoxy about check result. As an example, this tool:
https://news.netcraft.com/archives/2013/09/06/perfect-forward-secrecy-in-the-netcraft-extension.html
web-based checking mechanism:
https://www.ssllabs.com/ssltest/analyze.html

2) Optional toggle to force SSL when and if available, like EFF's
HTTPS-everywhere. Granted, there is tcpcrypt.org, and this can already
be set up as downstream proxy by privoxy forward-rule, but it has
several problems a) looks like development is inactive b) seems to
require raw sockets, which I'm not going to allow in my FreeBSD privoxy
Jail :)) and c) requires some inane firewall rules (presumably for
control sockets)

These features would require privoxy to keep an internal DB or list
that gets periodically refreshed and that could cause a separate
security concern, but that's for you guys to evaluate.

Finally, a choice for libressl over openssl (but you're already there
probably)

Thanks again for this good news

Regards
--
HardenedBSD_amd64_12-Current_RadeonKMS
Please CC my email when responding, mail from list is not delivered.