Re: https

From: Redfern Ian <>
Date: Thu, 16 Oct 1997 10:52:00 +0100

The site manager is wrong, and is running an unorthodox (effectively
broken) configuration.

Look at the lines

acl SSL_ports port 443 563

http_access deny CONNECT !SSL_ports

in squid.conf. Because the proxy cannot interpret SSL - it could be
anything, possibly even malicious - it only allows SSL traffic to the
recognised SSL ports: 443 (https) and 563 (secnews).

You can change this by modifying the SSL_ports ACL, but their site is
going to be difficult to get to for a lot of people behind firewalls or
filtering routers. Port 2000 is traditionally used for some types of X
Windows services, so is quite inappropriate to run an SSL web server on.

Ian Redfern (
Received on Thu Oct 16 1997 - 02:54:33 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:17 MST