Search squid archive

Re: Re: squid behind another squid with sslbump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 20/06/2013 2:08 a.m., marwan wrote:
Thank you for your help


Amos Jeffries-2 wrote
Because the parent is expecting to receive plain-HTTP from the child.
The child is sending SSL traffic to the parent.

Use an https_port with a normal server certificate (nothing special like
ssl-bump) on the parent proxy.
Can you explain me please the difference between http_port and https_port?

http_port receives HTTP protocol (plain text).
https_port receives HTTPS protocol (SSL wrapped HTTP).



We can exchange ssl trafics with http_port, so why is it interesting to use
https_port?

No you cannot exchange SSL traffic with http_port. Squid only parses unencrypted HTTP traffic on http_port.

I think you are possibly confusing the ability to open a binary tunnel through a HTTP proxy using CONNECT messages, with receiving and processing native SSL. SSL-bump allows Squid to decrypt the CONNECT tunnels, but that is *very* different from receiving the native SSL traffic.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux