Hi, On Tue, Dec 3, 2019 at 6:33 AM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > NP: you have not configured any Elliptic Curve to be used, so all those > EC ciphers will not be usable. Also you configured some DES based > ciphers and then disable DES. I'll review that, thanks. > The problem is that the client is talking to port 50443 and the service > is expecting port 8080 in URLs. > > The best solution is to have the server and Squid using the same port > number. Preferably 443 for HTTPS services. I can't. Both 443 and 8080 are already in use. > Alternatively you might be able to use the vport= option on https_port > to set the URL port to 8080. However, this affects *all* inbound traffic > at that port and any embedded URLs the service sends the client will > remain broken (contain port 8080). Whether I use vport=8080 or not, it still fails because the client gets an HTTP redirection such as: http://squidserver.local:50443/whatever (without vport=) http://squidserver.local:8080/whatever (with vport=8080) Note the http://. So the client browser is instructed to connect to an HTTP port which is closed/firewalled. I would need to somehow rewrite the redirection to something like: https://squidserver.local:50443/whatever (without vport=) Vieri _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
