On 09/14/2018 12:11 PM, John Refwe wrote: > I have a couple of questions about the squid https_port. > > 1) Does it only exist for transparent connections? No, it does not. It also supports encrypted connections between the client and Squid. In that scenario, Squid can be called an HTTPS proxy. Many modern browsers and other clients (e.g., curl) support HTTPS proxies. > I know if I want to have a transparent proxy that can accept requests > TLS requests, I need to have the port be a https_port rather than a > http_port, but is that what it was created for? IIRC, it was created for the HTTPS proxy support. Inspection of intercepted TLS connections came much later. > 2) How come the https_port does not support receiving proxy protocol? If it does not, then nobody added that support. There is nothing in the PROXY protocol itself that would make it impossible to support on the https_port AFAICT. > I thought that HAProxy supports sending it before instantiating a TLS connection? I do not know what HAProxy does or whether it supports talking to HTTPS proxies at all, but the whole idea behind HTTPS proxying is to protect/encrypt client-proxy communication. I would expect HAProxy to send the PROXY header _inside_ the TLS connection to the HTTPS proxy, not outside it! Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
