Re: Squid and SSL

From: Juan Carlos Castro y Castro <jcastro@dont-contact.us>
Date: Tue, 23 Mar 1999 14:16:23 -0300

Correct me if I'm wrong then: Squid clients are screwed if they try to
access https:// sites on ports other than 443 or 563, ok?

I couldn't quite understand the reason for the limitation... If the port
information is dropped before the request goes to the proxy, how do both
443 and 563 ports work? (there's probably something I didn't get right,
could you get into a little more detail?)

Also, can I configure Squid to allow ports other than these ones for
https or do I have to hack code?

Thanx,

Oskar Pearson wrote:
>
> Hi
>
> > I am trying to find out what encryption schemes are included with Squid
> > for its SSL support, and whether there is a way to add additional ones.
> > I would appreciate any input! Thanks..
>
> Squid doesn't actually do any encryption: it simply acts as a
> tunnel between the client and the remote side.
>
> Essentially the client uses a CONNECT request instead of a GET
> request:
>
> GET http://www.linux.org/ HTTP/1.1
>
> Is replaced with:
>
> CONNECT www.linux.org:443 HTTP/1.1
>
> Squid then simply passes data through from the client to the server
> without interpreting it (and without saving a copy.)
>
> This can cause problems when people do this:
>
> CONNECT shell-server.domain.example:23 HTTP/1.1
>
> So the newer Squids only allow the port value to be reasonable values
> (443 and 563)
>
> Oskar

-- 
 ___THE___  One man alone cannot fight the future. USE LINUX!
 \  \ /  /   _______________________________________________
  \  V  /   |Juan Carlos Castro y Castro                    |
   \   /    |jcastro@pcshop.com.br                          |
   /   \    |Linux fan, alvinegro, X-Phile, cheeky Carioca  |
  /  ^  \   |Director of IT and Supernatural Events         |
 /  / \  \  |of E-RACE CORPORATION                          |
 ~~~   ~~~   -----------------------------------------------
   RACER
Received on Tue Mar 23 1999 - 10:20:46 MST
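
The port check described in the quoted reply, as an added example that is not part of the original messages and is not Squid's own code: it parses a proxy request line and permits a CONNECT tunnel only when the target port is on an allowlist (443 and 563, as stated above). The function name `check_connect`, the fail-closed handling of malformed targets, and the sample lines beyond those quoted in the thread are assumptions made for illustration.

```python
import re

# Ports the quoted reply says newer Squids accept for CONNECT.
ALLOWED_CONNECT_PORTS = frozenset({443, 563})

# "CONNECT host:port HTTP/x.y"; host may be a name, IPv4, or [IPv6] literal.
_REQUEST_LINE = re.compile(
    r"^CONNECT (?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(?P<port>\d{1,5}) HTTP/\d\.\d$"
)


def check_connect(request_line, allowed_ports=ALLOWED_CONNECT_PORTS):
    """Return (allowed, reason) for one proxy request line.

    The proxy never sees inside the tunnel, so the only thing it can
    police is the host:port named on the CONNECT line itself.
    """
    line = request_line.rstrip("\r\n")
    if not line.startswith("CONNECT "):
        return True, "not a CONNECT request"
    match = _REQUEST_LINE.match(line)
    if match is None:
        # Fail closed (assumption): no explicit port, or junk on the line.
        return False, "malformed CONNECT target"
    port = int(match.group("port"))
    if not 1 <= port <= 65535:
        return False, "port out of range"
    if port not in allowed_ports:
        return False, f"port {port} not permitted for CONNECT"
    return True, f"tunnel to port {port} permitted"


# Constructed sample request lines; the first three appear in the thread.
SAMPLES = [
    "GET http://www.linux.org/ HTTP/1.1",
    "CONNECT www.linux.org:443 HTTP/1.1",
    "CONNECT shell-server.domain.example:23 HTTP/1.1",
    "CONNECT www.linux.org:8443 HTTP/1.1",
    "CONNECT www.linux.org HTTP/1.1",
    "CONNECT [2001:db8::1]:563 HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        allowed, reason = check_connect(sample)
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {sample}  ({reason})")
```

Passing a wider set as `allowed_ports` models a proxy whose administrator has permitted an additional https port; with the default set, the 8443 request is refused just like the port 23 one.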
