[squid-users] question about encrypted connection between https client and Squid

Antony Stone Antony.Stone at squid.open.source.it
Sun Mar 1 20:03:37 UTC 2015


On Sunday 01 March 2015 at 19:17:22 (EU time), Yuri Voinov wrote:

> 02.03.15 0:07, Julianne Bielski wrote:
> > 
> > http_port 443 ssl-bump
> > cert=/usr/local/squid3/etc/site_priv+pub.pem
> 
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt
> key=/usr/local/squid/etc/rootCA.key
> 
> 443->3129 port mapping is done with NAT.

Just out of interest, is there any functional difference between:

 - Squid listening (in intercept mode) on port 3129, and NAT redirecting 
packets on port 443 to port 3129

and

 - Squid listening (in intercept mode) on port 443 ?

It seems to me from a networking perspective the two should be identical, so I 
wonder whether there really is any functional reason for doing the NAT and 
listening on the redirected port?


Thanks,


Antony.

-- 
It is also possible that putting the birds in a laboratory setting 
inadvertently renders them relatively incompetent.

 - Daniel C Dennett

                                                   Please reply to the list;
                                                         please *don't* CC me.

