On 9/17/19 5:02 PM, Sam Holden wrote: > When I have protocol=http is reports: > 2019/09/17 20:08:55| Accepting reverse-proxy HTTP Socket connections > When I don't set the protocol is reports: > 2019/09/17 20:17:38| Accepting reverse-proxy HTTPS Socket connections > So it seems to be following the protocol= for the incoming protocol > rather than just the outgoing. Agreed. That (still) looks like a bug to me. [PROXY protocol prefix aside], an https_port ought to expect TLS traffic, regardless of any port tuning options, including the poorly named "protocol" option. FWIW, I tried to quickly figure out what is really going on in the code, but ran out of time -- configuration parsing code does appear to overwrite the data member used as the incoming protocol of a listening port which makes no sense to me and contradicts documentation, but I am probably missing something in this mess. Hopefully, somebody else can help you triage this further. Alex. >> What happens when you connect to the above https_port using a TLS >> connection? > > When I have the protocol=http I get (443 is being mapped to 4277 elsewhere): > > $ wget https://127.0.0.1:4277/ --no-check-certificate > --2019-09-17 20:53:04-- https://127.0.0.1:4277/ > Connecting to 127.0.0.1:443... connected. > GnuTLS: An unexpected TLS packet was received. > Unable to establish SSL connection. > $ wget http://127.0.0.1:4277/ > --2019-09-17 20:54:17-- http://127.0.0.1:4277/ > Connecting to 127.0.0.1:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 61979 (61K) [text/html] _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
