On 20/06/2013 2:08 a.m., marwan wrote:
> Thank you for your help
>
>
> Amos Jeffries-2 wrote
>> Because the parent is expecting to receive plain-HTTP from the child.
>> The child is sending SSL traffic to the parent.
>>
>> Use an https_port with a normal server certificate (nothing special like
>> ssl-bump) on the parent proxy.
> Can you explain me please the difference between http_port and https_port?
http_port receives HTTP protocol (plain text).
https_port receives HTTPS protocol (SSL wrapped HTTP).
> We can exchange ssl trafics with http_port, so why is it interesting to use
> https_port?
No you cannot exchange SSL traffic with http_port. Squid only parses
unencrypted HTTP traffic on http_port.
I think you are possibly confusing the ability to open a binary tunnel
through a HTTP proxy using CONNECT messages, with receiving and
processing native SSL. SSL-bump allows Squid to decrypt the CONNECT
tunnels, but that is *very* different from receiving the native SSL traffic.
Amos
Received on Wed Jun 19 2013 - 16:51:19 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT