>this is http port, speaking http. This is not a https port, so you can't >speak https to it. The difference between 3128 and 3129 is, when you issue >CONNECT request to 3129, squid tries to communicate using SSL as if it was >the destination server (or, whatever you configure in ssl_bump options). >if you want to talk to squid on port 443, you must configure https_port. because I'm doing the explicit proxy for https on this proxy server. if I configure "https_port 3129 ssl-bump ...", then I get this error when doing the https proxy: 2019/12/22 22:07:15| FATAL: ssl-bump on https_port requires tproxy/intercept which is missing. so this to me means, i can only configure https_port if I'm using the intercept method, which I'm not. Or is there a way to listern to the https_port with explicit proxy? >>BTW, the https/TLS bump through this server works. when using the openssl >>s_client, get this result, >>(it says "no peer certificate available"): >this looks to me more like failure of setting up SSL protocol. >I really wonder something SSL related works at all. >you should check with: > >openssl s_client -proxy 192.168.1.35:3129 -connect <host:port> -showcerts > >on both squid ports to see the difference. The above command works for me, but I only get the certs from the real host, not the proxy server itself. thanks. George -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
