[squid-users] Re: squid behind another squid with sslbump

From: marwan <marwan94140_at_gmail.com>
Date: Fri, 21 Jun 2013 02:41:28 -0700 (PDT)

Amos Jeffries-2 wrote
> On 20/06/2013 2:08 a.m., marwan wrote:
>> Thank you for your help
>>
>>
>> Amos Jeffries-2 wrote
>>> Because the parent is expecting to receive plain-HTTP from the child.
>>> The child is sending SSL traffic to the parent.
>>>
>>> Use an https_port with a normal server certificate (nothing special like
>>> ssl-bump) on the parent proxy.
>> Can you please explain to me the difference between http_port and
>> https_port?
>
> http_port receives HTTP protocol (plain text).
> https_port receives HTTPS protocol (SSL wrapped HTTP).
>
>
>
>> We can exchange SSL traffic with http_port, so why is it interesting to
>> use https_port?
>
> No you cannot exchange SSL traffic with http_port. Squid only parses
> unencrypted HTTP traffic on http_port.
>
> I think you are possibly confusing the ability to open a binary tunnel
> through a HTTP proxy using CONNECT messages, with receiving and
> processing native SSL. SSL-bump allows Squid to decrypt the CONNECT
> tunnels, but that is *very* different from receiving the native SSL
> traffic.
>
> Amos

Thank you.

I have another question.

You told me that to use the SSL parameters of cache_peer, I have to use
https_port.
But I have read that https_port is used for the reverse proxy mode.
So, I want to know if we can only use the SSL parameters of cache_peer in
the reverse proxy mode?

Regards,

-- 
HALLOUMI Marwan
Received on Fri Jun 21 2013 - 09:42:14 MDT
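
The distinction drawn in the quoted reply (a plaintext CONNECT request arriving on http_port versus native SSL arriving on https_port) can be seen in the first bytes a client sends. The following is an added example, not part of the thread and not Squid's own code; the function names and the sample byte strings are constructed for illustration, and `accepted_by` is only a simplified model of the two port types as the reply describes them.

```python
import re

# Request line of a plaintext HTTP/1.x message,
# e.g. "CONNECT example.com:443 HTTP/1.1"
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # minor version, 2-byte record length. The first handshake message in the
    # record is a ClientHello (type 0x01).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    m = REQUEST_LINE.match(data)
    if m:
        # CONNECT is itself plain HTTP; only the tunnel opened afterwards
        # carries opaque (usually SSL) bytes.
        return "http-connect" if m.group(1) == b"CONNECT" else "http-request"
    return "unknown"

def accepted_by(port_type: str, data: bytes) -> bool:
    """Simplified model: can this port type parse the client's first bytes?"""
    kind = classify_first_bytes(data)
    if port_type == "http_port":    # parses unencrypted HTTP only
        return kind in ("http-connect", "http-request")
    if port_type == "https_port":   # expects an SSL handshake first
        return kind == "tls-client-hello"
    raise ValueError(f"unknown port type: {port_type}")

# Constructed samples (not captured traffic).
SAMPLE_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
SAMPLE_GET = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"

if __name__ == "__main__":
    for name, sample in [("CONNECT", SAMPLE_CONNECT), ("GET", SAMPLE_GET),
                         ("ClientHello", SAMPLE_CLIENT_HELLO)]:
        print(name, classify_first_bytes(sample),
              "http_port:", accepted_by("http_port", sample),
              "https_port:", accepted_by("https_port", sample))
```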
