
Re: cannot access squid with https_port: 403


 



On 4/09/19 1:21 am, fansari wrote:
> I have tested this and it is working.
> 
> This is what I said: when I use this http_port directive then it works.
> 
> So what is still unclear to me is: what is this https_port directive for? I
> understood from one of your answers I found to someone else that this will
> lead to something like double stacked TLS encryption. Is this correct?

It is for:
 a) receiving port 443 traffic from a NAT system,
or
 b) receiving TLS explicit proxy traffic.


> 
> http://squid-web-proxy-cache.1019090.n4.nabble.com/https-port-td4682718.html
> 
> The most important question is: using just the http_port directive - will
> the connection between client and squid still be https (TLS encrypted)?

The answer you are looking for is both Yes and No.

Traffic to that port must always start with an un-encrypted request. In
the case of HTTP it starts with an unencrypted CONNECT request. The TLS
is embedded within the resulting tunnel.

The traffic which was going to be encrypted stays encrypted. But there
is a non-encrypted portion ahead of it at the transport protocol level.


> This is important to understand for me because we need https because our
> nodejs application will not work with http connections.
> 

If it can rely on a Browser to do the CONNECT tunnel part, then it
should be fine.

Otherwise, if it does everything above TCP itself and can only start
with the TLS handshake, then you are going to need to use one of the
https_port setups.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
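
The distinction drawn in the reply above (a plaintext CONNECT ahead of the TLS on an http_port, versus TLS from the first byte on an https_port), as an added example that is not part of the original post or of Squid's code. The function names, the host `app.example.test` and the stub TLS bytes are assumptions made for illustration.

```javascript
// Added example. Inputs are constructed byte strings, not captured traffic.
// Looks only at the client-to-proxy direction of one TCP connection.

function startsWithTls(buf) {
  // TLS record header: content type 0x16 (handshake), version major 0x03.
  return buf.length >= 3 && buf[0] === 0x16 && buf[1] === 0x03;
}

function inspectClientStream(buf) {
  if (startsWithTls(buf)) {
    // TLS from the first byte (NAT-intercepted 443 or TLS explicit proxy):
    // nothing is readable on the wire, and only an https_port can accept it.
    return { listener: 'https_port', cleartext: '', target: null, tlsOffset: 0 };
  }
  // Otherwise the connection opens with a plaintext HTTP request (http_port).
  const end = buf.indexOf('\r\n\r\n');
  const head = buf.subarray(0, end < 0 ? buf.length : end).toString('latin1');
  const m = /^CONNECT (\S+):(\d+) HTTP\/1\.[01]$/.exec(head.split('\r\n')[0]);
  const rest = end < 0 ? Buffer.alloc(0) : buf.subarray(end + 4);
  return {
    listener: 'http_port',
    cleartext: head,                                   // readable by anyone on the path
    target: m ? `${m[1]}:${m[2]}` : null,              // tunnel destination, sent in the clear
    tlsOffset: m && startsWithTls(rest) ? end + 4 : -1 // where the embedded TLS begins
  };
}

// Constructed samples: hypothetical host, and a stub record header standing in for a ClientHello.
const clientHello = Buffer.from([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00]);
const connect = Buffer.from(
  'CONNECT app.example.test:443 HTTP/1.1\r\nHost: app.example.test:443\r\n\r\n', 'latin1');
const viaHttpPort = Buffer.concat([connect, clientHello]);

console.log(inspectClientStream(viaHttpPort));
console.log(inspectClientStream(clientHello));
```

On the http_port stream the request line and headers, including the tunnel destination, are readable before the TLS begins; on the https_port stream there is no cleartext at all.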



